The vulnerability is called "endless zero-day".
The vulnerability was exploited in the Taidoor campaign, primarily targeting government organizations located in Taiwan.
Trojan.Pidief.J
Vulnerability details
Advisory: SB2010060401 - Multiple vulnerabilities in Adobe Flash Player
Vulnerable component: Adobe Flash Player
CVE-ID: CVE-2010-1297
CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C
CWE-ID: CWE-119 - Memory corruption
Description:
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing .swf files. A remote attacker can create a specially crafted .swf file, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability results in compromise of the vulnerable system.
Note: this vulnerability is being actively exploited.
Public Exploits:
- Adobe Flash Player - 'newfunction' Invalid Pointer Use (Metasploit) (2) [Exploit-DB]
- Adobe Flash Player - 'newfunction' Invalid Pointer Use (Metasploit) (1) [Exploit-DB]
- Adobe Acrobat Reader and Flash Player - 'newclass' Invalid Pointer Exploit [Exploit-DB]
- Adobe Flash and Reader - Live Malware (PoC) [Exploit-DB]
- Adobe Flash and Reader - Live Malware (PoC) [Exploit-DB]
External links:
http://www.adobe.com/support/security/advisories/apsa10-01.html
http://www.adobe.com/support/security/bulletins/apsb10-15.html
https://www.symantec.com/connect/blogs/analysis-zero-day-exploit-adobe-flash-and-reader
https://www.symantec.com/connect/blogs/zero-day-attack-wild-adobe-flash-reader-and-acrobat
https://success.trendmicro.com/solution/1055909
https://nakedsecurity.sophos.com/2010/06/08/mitigations-flash-vulnerability-cve20101297/
https://access.redhat.com/security/cve/cve-2010-1297
http://stopmalvertising.com/malware-reports/analysis-of-budget.pdf-exploit.swf.cve-2010-1297.a.html
http://seclists.org/metasploit/2010/q2/416
https://blogs.forcepoint.com/security-labs/adobe-0-day-vulnerability-flash-adobe-reader-and-acrobat-...
https://www.greyhathacker.net/?p=201
http://www.topitvideos.com/adobe-cve-2010-1297-pdf-exploit-demonstation/
http://developers-club.com/posts/96879/
https://blogs.forcepoint.com/security-labs/month-threat-webscape-june-2010
http://calhoun.nps.edu/bitstream/handle/10945/5016/10Dec_Post.pdf?sequence=1
http://www.pandasecurity.com/mediacenter/security/cloud-av-free-blocks-adobe-0-day/