Zero-day vulnerability in Adobe Flash Player

Integer overflow
CVE-2015-8651

Known malware:

Exploit kits: Angler, Neutrino, Nuclear Pack and RIG

Vulnerability details

Advisory: SB2015122801 - Multiple vulnerabilities in Adobe Flash Player

Vulnerable component: Adobe Flash Player

CVE-ID: CVE-2015-8651

CVSSv3 score: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Description:

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an integer overflow. A remote attacker can create a specially crafted website, trick the victim into visiting it, trigger memory corruption, and execute arbitrary code with the privileges of the current user.

Successful exploitation results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

Latest references in media:

- Rig Exploit Kit Now Using CVE-2018-8174 to Deliver Monero Miner [2018-06-01 01:13:09]

- Matrix Ransomware being distributed through malvertising [2017-10-29 15:00:15]

- Matrix Ransomware Being Distributed by the RIG Exploit Kit [2017-10-27 22:42:48]

- No slowdown in Cerber ransomware activity as 2016 draws to a close [2016-12-22 05:06:47]

- Exploit kits remain a cybercrime staple against outdated software – 2016 threat landscape review series [2017-01-23 23:37:34]

- Neptune exploit kit used to deliver Monero cryptocurrency miners via malvertising [2017-08-23 10:12:35]

- Neptune Exploit Kit Dropping Cryptocurrency Miners Through Malvertisements [2017-08-23 00:02:54]

- Hiking Club Malvertisements Drop Monero Miners Via Neptune Exploit Kit [2017-08-22 16:14:54]

- US-CERT issues North Korean cyberattack patch warning [2017-06-15 20:50:36]

- Crouching cyber, Hidden Cobra: Crack North Korean hack team ready to strike, says US-CERT [2017-06-14 22:10:01]

- The FBI and DHS have issued alert over DeltaCharlie, a DDoS Botnet Malware being used by North Korean hacking group 'Hidden Cobra.' [2017-06-14 14:30:10]

- Stegano Exploit Kit now uses the Diffie-Hellman Algorithm [2017-05-20 21:40:26]

- Stegano Exploit Kit Adopts the Diffie-Hellman Algorithm [2017-05-19 14:10:29]

- Will Astrum Fill the Vacuum in the Exploit Kit Landscape? [2017-05-18 16:51:27]

- Exploit Kit Activity Quiets, But Is Far From Silent [2017-04-14 12:10:09]

- RATANKBA: Delving into Large-scale Watering Holes against Enterprises [2017-02-27 13:10:38]

- Cyber Threat Intelligence Shows Majority of Cybercrime is NOT Sophisticated [2017-01-20 17:28:50]

- New campaign leverages RIG Exploit kit to deliver the Cerber Ransomware [2017-01-17 05:17:42]

- New RIG Campaign Distributes Cerber Ransomware [2017-01-17 05:12:35]

- Security Alert: RIG EK Exploits Outdated Popular Apps, Spreads Cerber Ransomware [2017-01-15 15:40:13]

- Cerber Ransomware Doesn't Delete Shadow Volume Copies Anymore, Prioritizes Office Docs [2016-12-22 23:57:35]

- Masterful malvertisers pwn Channel 9, Sky, MSN in stealth attacks [2016-12-08 07:40:01]

- Stegano exploit kit spreading via malicious ads on a number of popular websites is targeting millions of daily visitors. [2016-12-07 09:14:09]

- Adobe Flash Player flaws remain the most used by Exploit Kits [2016-12-06 21:24:26]

- Flash Player Remains Main Target of Exploit Kits: Report [2016-12-06 16:44:11]

- New Stegano Exploit Kit Hides Malvertising Code in Image Pixels [2016-12-06 16:18:57]

- RIG Picks Up Where Neutrino Left Off, Pushes CrypMIC Ransomware [2016-09-21 15:34:36]

- Web pests pour two exploit kits into one cup [2016-08-17 08:37:38]

- Experts published IE Exploit code and crooks added it to Neutrino EK

- IE Exploit Added to Neutrino After Experts Publish PoC

- Exploit Kits Quickly Adopt Exploit Thanks to Open Source Release

- RIG Exploit Kit Exposes Millions to SmokeLoader Backdoor

External links:

https://helpx.adobe.com/security/products/flash-player/apsb16-01.html
https://blogs.forcepoint.com/security-labs/popular-site-leads-angler-ek-cve-2015-8651-flash-player-e...
https://www.symantec.com/security_response/writeup.jsp?docid=2015-122818-3536-99&tabid=2
https://krebsonsecurity.com/tag/cve-2015-8651/
https://blogs.technet.microsoft.com/mmpc/2016/06/20/reverse-engineering-dubniums-flash-targeting-exp...
https://www.scmagazine.com/adobe-issues-critical-flash-player-patch/article/533434/
http://vulnerablespace.blogspot.com/2016/06/malware-analysing-and-repurposing-rigs.html
https://blog.qualys.com/laws-of-vulnerabilities/2015/12/28/last-adobe-0-day-patched-for-the-year
https://www.reddit.com/r/ReverseEngineering/comments/43a1i5/an_analysis_on_the_principle_of_cve20158...
http://www.securityweek.com/adobe-issues-emergency-patch-flash-zero-day-under-attack
http://securityaffairs.co/wordpress/43131/cyber-crime/adobe-flash-zero-day.html
http://securityaffairs.co/wordpress/54120/reports/exploit-kits-top-flaws.html
https://blog.malwarebytes.com/threat-analysis/exploits-threat-analysis/2016/07/a-look-into-some-rig-...
http://www.darkreading.com/vulnerabilities---threats/here-are-4-vulnerabilities-ransomware-attacks-a...
https://www.recordedfuture.com/recent-ransomware-vulnerabilities/
http://resources.infosecinstitute.com/most-exploited-vulnerabilities-by-whom-when-and-how/#gref
http://neurogadget.net/2016/12/08/adobe-flash-player-bugs-issues-exploits-computers/48666
http://thehackernews.com/2015/12/adobe-flash-security-update.html
http://www.theregister.co.uk/2015/12/28/adobe_flash_security_update/
https://www.solutionary.com/resource-center/blog/2015/12/adobe-flash-player-vulnerability/
http://wccftech.com/flash-player-receives-emergency-security-patch/
http://news.softpedia.com/news/adobe-fixes-flash-zero-day-bug-discovered-by-huawei-498184.shtml
