Zero-day vulnerability in Adobe Flash Player

Type confusion
CVE-2017-11292

According to Kaspersky Lab, the vulnerability has been exploited by the BlackOasis threat actor. In the recent attacks leveraging this zero-day, victims were sent malicious Office documents with an embedded ActiveX object that contained the Flash CVE-2017-11292 exploit.

Known malware:

FINSPY

Vulnerability details

Advisory: SB2017101602 - Remote code execution in Adobe Flash Player

Vulnerable component: Adobe Flash Player

CVE-ID: CVE-2017-11292

CVSSv3 score: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C

CWE-ID: CWE-704 - Incorrect Type Conversion or Cast (Type Conversion)

Description:

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a type confusion error when processing .swf files. A remote unauthenticated attacker can create a specially crafted .swf file, trick the victim into opening it and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Note: this vulnerability is being actively exploited in the wild.

Latest references in media:

- Ukraine's SBU Security Service reportedly stopped VPNFilter attack at chlorine station [2018-07-13 10:10:08]

- Justice Department announces actions to disrupt the VPNFilter botnet [2018-05-24 09:37:15]

- Kaspersky – Sofacy's campaigns overlap with other APT groups' operations [2018-03-12 10:35:55]

- Russia-linked Sofacy APT group shift focus from NATO members to towards the Middle East and Central Asia [2018-02-21 21:31:11]

- Russian Fancy Bear APT Group improves its weapons in ongoing campaigns [2017-12-23 14:50:15]

- Russia-Linked APT28 group observed using DDE attack to deliver malware [2017-11-09 08:02:36]

- Windows 10 Exploit Guard Boosts Endpoint Defenses [2017-11-01 18:30:10]

- Security Affairs newsletter Round 134 – News of the week [2017-10-29 10:30:07]

- Latest Russia-linked APT28 campaign targeting security experts [2017-10-24 08:41:14]

- Windows Defender Exploit Guard: Reduce the attack surface against next-generation malware [2017-10-23 18:11:18]

- Windows Defender Exploit Guard: Reducing the attack surface with next-generation host intrusion prevention [2017-10-23 15:05:55]

- APT28 group is rushing to exploit recent CVE-2017-11292 Flash 0-Day before users apply the patches [2017-10-22 13:30:07]

- Hackers race to use Flash exploit before vulnerable systems are patched | ZDNet [2017-10-20 18:50:03]

- Russian Hackers Exploit Recently Patched Flash Vulnerability [2017-10-20 13:20:29]

- Russian Cyberspies Are Rushing to Exploit Recent Flash 0-Day Before It Goes Cold [2017-10-20 11:02:17]

- Adobe releases emergency fix for Flash Player zero-day exploited in the wild [2017-10-17 12:00:06]

- BlackOasis APT exploits Flash zero-day to download FinFisher spyware | TheINQUIRER [2017-10-17 10:30:28]

- BlackOasis APT leverages new Flash zero-day exploit to deploy FinSpy [2017-10-17 09:11:24]

- Adobe patches zero-day vulnerability used to plant gov't spying software | ZDNet [2017-10-17 08:50:04]

- Flash 0-day in the wild – patch now! [2017-10-17 08:11:37]

- Fresh Adobe Zero-Day Spotted in the Wild [2017-10-16 23:20:04]

- Adobe Patches Flash ZeroDay Used To Plant Surveillance Software [2017-10-16 20:51:08]

- Here's a timeless headline: Adobe rushes out emergency Flash fix after hacker exploits bug [2017-10-16 20:50:01]

- New Adobe Flash ZeroDay Used To Plant Surveillance Software [2017-10-16 20:40:03]

- Government Hacker Using New Flash Zero-Day Exploit to Install FinFisher/FinSpy Spyware On High-Profile Targets [2017-10-16 18:00:03]

- Adobe Patches Flash Zero Day Exploited by Black Oasis APT [2017-10-16 17:50:06]

- Middle East Group Uses Flash Zero-Day to Deliver Spyware [2017-10-16 17:41:12]

- Adobe Patches Flash Zero-Day Used by BlackOasis APT [2017-10-16 17:14:27]

- BlackOasis APT and new targeted attacks leveraging zero-day exploit [2017-10-16 16:44:46]

- Adobe Patches Flash Zero-Day Exploited in Targeted Attacks [2017-10-16 16:23:56]
