According to Kaspersky Lab, the vulnerability has been exploited by the BlackOasis threat actor. The recent attacks leveraging today's zero-day sent malicious Office documents to victims, which came with an embedded ActiveX object that contained the Flash CVE-2017-11292 exploit.
Vulnerable component: Adobe Flash Player
CVSSv3 score: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C
CWE-ID: CWE-704 - Incorrect Type Conversion or Cast (type confusion)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error when processing .swf files. A remote unauthenticated attacker can create a specially crafted .swf file, trick the victim into opening it and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note: this vulnerability is being actively exploited in the wild.
Latest references in media:
- Kaspersky – Sofacy's campaigns overlap with other APT groups' operations [2018-03-12 10:35:55]
- Russian Fancy Bear APT Group improves its weapons in ongoing campaigns [2017-12-23 14:50:15]
- Russia-Linked APT28 group observed using DDE attack to deliver malware [2017-11-09 08:02:36]
- Windows 10 Exploit Guard Boosts Endpoint Defenses [2017-11-01 18:30:10]
- Security Affairs newsletter Round 134 – News of the week [2017-10-29 10:30:07]
- Latest Russia-linked APT28 campaign targeting security experts [2017-10-24 08:41:14]
- Windows Defender Exploit Guard: Reduce the attack surface against next-generation malware [2017-10-23 18:11:18]
- Hackers race to use Flash exploit before vulnerable systems are patched | ZDNet [2017-10-20 18:50:03]
- Russian Hackers Exploit Recently Patched Flash Vulnerability [2017-10-20 13:20:29]
- Russian Cyberspies Are Rushing to Exploit Recent Flash 0-Day Before It Goes Cold [2017-10-20 11:02:17]
- Adobe releases emergency fix for Flash Player zero-day exploited in the wild [2017-10-17 12:00:06]
- BlackOasis APT exploits Flash zero-day to download FinFisher spyware | TheINQUIRER [2017-10-17 10:30:28]
- BlackOasis APT leverages new Flash zero-day exploit to deploy FinSpy [2017-10-17 09:11:24]
- Adobe patches zero-day vulnerability used to plant gov't spying software | ZDNet [2017-10-17 08:50:04]
- Flash 0-day in the wild – patch now! [2017-10-17 08:11:37]
- Fresh Adobe Zero-Day Spotted in the Wild [2017-10-16 23:20:04]
- Adobe Patches Flash ZeroDay Used To Plant Surveillance Software [2017-10-16 20:51:08]
- Here's a timeless headline: Adobe rushes out emergency Flash fix after hacker exploits bug [2017-10-16 20:50:01]
- New Adobe Flash ZeroDay Used To Plant Surveillance Software [2017-10-16 20:40:03]
- Adobe Patches Flash Zero Day Exploited by Black Oasis APT [2017-10-16 17:50:06]
- Middle East Group Uses Flash Zero-Day to Deliver Spyware [2017-10-16 17:41:12]
- Adobe Patches Flash Zero-Day Used by BlackOasis APT [2017-10-16 17:14:27]
- BlackOasis APT and new targeted attacks leveraging zero-day exploit [2017-10-16 16:44:46]
- Adobe Patches Flash Zero-Day Exploited in Targeted Attacks [2017-10-16 16:23:56]