Adobe patched "Pwn2Own contest flaw and DNS rebinding issues"

Adobe published an advisory covering issues, including a fix for the Pwn2Own flaw that we previously discussed here. Adobe’s details are published here. One of the issues that was patched was discovered by myself and fellow researcher (and co-worker at Ernst & Young’s Advanced Security Center) Rob Carter, see the picture to the right of […]

Adobe published an advisory covering issues, including a fix for the Pwn2Own flaw that we previously discussed here. Adobe’s details are published here. One of the issues that was patched was discovered by myself and fellow researcher (and co-worker at Ernst & Young’s Advanced Security Center) Rob Carter, see the picture to the right of Rob and I rollin’ with large stacks of Euros (not really, it was actually like 10 Euros, aka $10,000.00 with the way the dollar is these days) in Amsterdam during Black Hat Europe. The flaw we discovered is a DNS Rebinding flaw that’s a bit unique. It takes advantage of some DNS canonicalization issues, and I really feel like it may be useful in other attack vectors as well. My good friend Rob has already posted the details on his “Farfromr00tin” blog, and the analysis is quite good, so I will paraphrase this here.

Full Article

Adobe, DNS, Domain, Microsoft, Internet Explorer, Browser, Domain Name, Flaw, Rob, Flash, Security Update, Patch

About The Author

Deepak Gupta is a IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he's engaged in providing Technology Consultancy, Design and Development of Desktop, Web and Mobile applications using various tools and softwares. Sign-up for the Email for daily updates. Google+ Profile.