Wednesday, May 28, 2008

A zero-day exploit has been identified that redirects the Adobe Flash Player to malware-infected servers. The threat is expanding.

Investigations are continuing around a known Zero-Day exploit of Adobe Flash Player versions 9.0.124.0 and older.

According to a recently released Security Focus advisory: “Adobe Flash Player is prone to an unspecified remote code-execution vulnerability.

An attacker may exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Adobe Flash Player 9.0.115.0 and 9.0.124.0 are vulnerable; other versions may also be affected.”

The exploit consists of redirection scripts posted on infected websites. The script does a quick check of the version of Flash Player installed and, based on the result, runs an associated .SWF (Shockwave) file to take control of the user's computer.

A further announcement from Security Focus expands on the threat, indicating that although the exploit was first discovered on a couple of Chinese-language websites, it looks to be spreading. According to Security Focus: “Continued investigation reveals that this issue is fairly widespread. Malicious code is being injected into other third-party domains (approximately 20,000 web pages), most likely through SQL-injection attacks. The code then redirects users to sites hosting malicious Flash files exploiting this issue.”

Adobe have briefly acknowledged the issue.

In direct response to this issue, Symantec have raised their ThreatCon indicator to 2 (medium: increased alertness), an indication that malicious code threats have reached a moderate risk level.

Network administrators should be aware of the issue and be prepared to block IP addresses in firewalls and proxy servers as they come to hand.
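An added example, not from the original post or from Security Focus: a check a site owner can run over stored pages to spot injected tags that load content from unexpected hosts, the pattern the advisory describes, and to produce a list of hosts to review for blocking. The host names, sample pages and the `hosts_to_review` helper are constructed for illustration, and the allowlist is an assumption about what the site legitimately loads.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags (and the attribute on each) through which a page loads remote active content.
REMOTE_ATTRS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}


class RemoteContentFinder(HTMLParser):
    """Record (tag, host, url) for content loaded from hosts outside the allowlist."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []

    def _is_allowed(self, host):
        # Accept the listed host itself and any of its subdomains.
        return any(host == a or host.endswith("." + a) for a in self.allowed)

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get(REMOTE_ATTRS.get(tag, ""))
        if not url:
            return
        host = (urlparse(url.strip()).hostname or "").lower()
        # Relative URLs have no host: they are served by the site itself.
        if host and not self._is_allowed(host):
            self.findings.append((tag, host, url))


def hosts_to_review(pages, allowed_hosts):
    """Map each unexpected host to the sorted list of pages that reference it."""
    result = {}
    for path, html in pages.items():
        finder = RemoteContentFinder(allowed_hosts)
        finder.feed(html)
        finder.close()
        for _tag, host, _url in finder.findings:
            result.setdefault(host, set()).add(path)
    return {host: sorted(paths) for host, paths in result.items()}


# Constructed sample: one page carries a tag injected into a database-backed field.
SAMPLE_PAGES = {
    "/news.html": '<body><script src="/js/site.js"></script>'
                  "<td>Widget<script src=http://inject.example/f.js></script></td></body>",
    "/about.html": '<body><script src="//cdn.shop.example/lib.js"></script></body>',
}

if __name__ == "__main__":
    for host, paths in hosts_to_review(SAMPLE_PAGES, ["shop.example"]).items():
        print(host, "referenced by", ", ".join(paths))
```

Hosts reported this way are candidates for the firewall and proxy block lists once confirmed, and the listed pages point to the database fields that need cleaning.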
