Zero-day Vulnerability Database

Zero-day vulnerabilities discovered: 62

Multiple vulnerabilities in Adobe Flash Player
CVE-2016-7892

Use-after-free error

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Note: this vulnerability is being actively exploited in the wild.

Software: Adobe Flash Player

Remote code execution in Adobe Flash Player
CVE-2016-7855

Use-after-free error

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a use-after-free error when handling .swf files. A remote attacker can trick the victim into visiting a website or opening a file containing a malicious Flash file and execute arbitrary code on the target system with privileges of the current user.

Note: this vulnerability was being actively exploited in the wild.

The vulnerability was disclosed by Neel Mehta and Billy Leonard of the Google Threat Analysis Group.

The vulnerability was exploited by Russian hacker group APT28.

Software: Adobe Flash Player

Remote code execution in Adobe Flash Player
CVE-2016-4171

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.


The vulnerability was reported by Anton Ivanov of Kaspersky.
Used by ScarCruft hacking team in Operation Daybreak and Operation Erebus as suggested by Kaspersky Lab.

It has been used in targeted attacks carried out by a new ScarCruft APT group operating primarily against high-profile victims in China, South Korea, India, Russia, Nepal, Romania, and Kuwait.

Software: Adobe Flash Player

Remote code execution in Adobe Flash Player
CVE-2016-4117

Type confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to type confusion error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Note: the vulnerability was being actively exploited.

The vulnerability was reported by Genwei Jiang.
The zero-day was used by the Pawn Storm and APT3 cyber espionage groups in Operation Erebus campaign and seen in payloads included with CryptXXX, Cerber and DMA Locker ransomware, as well as the Gootkit Trojan.

Software: Adobe Flash Player

Known/famous malware:

Exploit kit: Angler, Magnitude, Neutrino, RIG.

Microsoft Security Update for Adobe Flash Player
CVE-2016-1019

Type confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to type confusion error when handling .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Note: the vulnerability was being actively exploited.

The weakness was presented by Kafeine (EmergingThreats/Proofpoint), Genwei Jiang (FireEye, Inc.) and Clement Lecigne (Google).

According to FireEye, on April 2, Kafeine provided details on a version of the Magnitude Exploit Kit that was originally believed to be exploiting known Adobe Flash vulnerabilities.

Software: Adobe Flash Player

Known/famous malware:

Magnitude, Neutrino and Nuclear Pack Exploit Kit.
Cerber and DMA Locker ransomware.

Multiple vulnerabilities in Adobe Flash Player
CVE-2016-1010

Integer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to integer overflow. A remote attacker can create a specially crafted Web site, trick the victim into visiting it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Note: the vulnerability was being actively exploited.

The vulnerability was reported by Anton Ivanov from Kaspersky Lab. The vulnerability was used by the ScarCruft group in Operation Daybreak campaign.

Software: Adobe Flash Player

Known/famous malware:

Used in Angler Exploit Kit.

Multiple vulnerabilities in Adobe Flash Player
CVE-2016-0984

Use-after-free error

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a use-after-free error when processing malicious .swf content. A remote attacker can create a specially crafted .SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in complete compromise of vulnerable system.

According to a Kaspersky Lab report, this vulnerability has been actively exploited in the wild by the BlackOasis APT actor.

According to Kaspersky Lab, this vulnerability was being exploited in the wild by the BlackOasis actor in June 2015.

Software: Adobe Flash Player

Multiple vulnerabilities in Adobe Flash Player
CVE-2015-8651

Integer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to integer overflow. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

Software: Adobe Flash Player

Known/famous malware:

Exploit kits: Angler, Neutrino, Nuclear Pack and RIG

Remote code execution in Adobe Flash Player
CVE-2015-7645

Type confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to type confusion error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

Was used in Pawn Storm Campaign Targeting Foreign Affairs Ministries. Exploited by the Fancy Bear APT.
The vulnerability was reported by Peter Pi of Trend Micro.

Software: Adobe Flash Player

Known/famous malware:

Exploit Kits: Angler, Hunter, Magnitude, Neutrino, Nuclear Pack, RIG, Spartan.

Two remote code execution vulnerabilities in Adobe Flash Player
CVE-2015-5123

“Use-after-free” error

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error in the ActionScript 3 BitmapData class. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

The exploit code was revealed after Hacking Team data leak.

Software: Adobe Flash Player

Known/famous malware:

SWF_EKSPLOYT.EDF. (TrendMicro).

Two remote code execution vulnerabilities in Adobe Flash Player
CVE-2015-5122

“Use-after-free” error

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error in the ActionScript 3 opaqueBackground class. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

The exploit code was revealed after Hacking Team data leak. The exploit was used against Japanese organizations.
The vulnerability was reported by Dhanesh Kizhakkinan of FireEye as well as Peter Pi of TrendMicro.

Software: Adobe Flash Player

Known/famous malware:

Exploit kits: Angler EK (2015-07-11), Neutrino (2015-07-13), Nuclear Pack (2015-07-14), RIG (2015-07-14), Magnitude (2015-07-15), NullHole (2015-07-22), Spartan (2015-09-11).

Remote code execution in Adobe Flash Player
CVE-2015-5119

Use-after-free error

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

The exploit code was revealed after Hacking Team data leak. Was also used in phishing campaigns conducted by two Chinese advanced persistent threat (APT) groups: APT3 and APT18.
The vulnerability was reported by Google Project Zero and Morgan Marquis-Boire.

Software: Adobe Flash Player

Remote code execution in Adobe Flash Player
CVE-2015-3113

Heap-based buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

Exploited by a China-based cyberespionage group. Operation Clandestine Wolf – Adobe Flash Zero-Day in APT3 Phishing Campaign.

Software: Adobe Flash Player

Known/famous malware:

Magnitude exploit kit.

Multiple vulnerabilities in Adobe Flash Player
CVE-2015-3043

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

Attackers exploited the vulnerabilities together to attack a government entity and steal politically sensitive data that is a known target of the Russian group (APT campaign).

Software: Adobe Flash Player

Multiple vulnerabilities in Adobe Flash Player
CVE-2015-0313

Use-after-free error

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

The vulnerability was used during a malvertising campaign against visitors of dailymotion.com.

Software: Adobe Flash Player

Known/famous malware:

SWF_EXPLOIT.MJST
Hanjuan Exploit Kit

Remote code execution in Adobe Flash Player
CVE-2015-0311

Use-after-free error

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

The vulnerability was discovered by French security researcher “Kafeine”.
It was actively being exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below. It was used by Angler EK and infected at least 1,800 known domains.

Software: Adobe Flash Player

Known/famous malware:

SWF/Exploit.CVE-2015-0311.N(2)
Trojan.Swifi (Symantec)
Angler EK

Security bypass in Adobe Flash Player
CVE-2015-0310

Security bypass

The vulnerability allows a remote attacker to circumvent memory address randomization on the target system.

The weakness exists due to memory leak error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption, bypass memory address randomization on the Windows platform and obtain sensitive information.

Note: the vulnerability was being actively exploited.

The vulnerability was discovered and reported by security researcher Kafeine.
The vulnerability was used in attacks against older versions of Flash Player.

Software: Adobe Flash Player

Known/famous malware:

Angler EK.

Multiple vulnerabilities in Adobe Flash Player
CVE-2014-9163

Stack-based buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to stack-based buffer overflow when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

The vulnerability was discovered by the researcher ‘bilou’, who reported the bug through HP’s Zero Day Initiative (ZDI).

Has been used in a watering hole attack against US Defense and Financial Services firms, where it was hosted on the compromised Forbes.com website.

Software: Adobe Flash Player

Known/famous malware:

Trojan.Win32.Bergard.A.

Multiple vulnerabilities in Adobe Flash Player
CVE-2014-8439

Use-after-free error

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

An Adobe Flash vulnerability was discovered in October and promptly patched. The exploits in the Nuclear and Angler kits were detected by the French researcher Kafeine shortly after the company released an update on October 14. Despite the patch on October 14, 2014, the vulnerability was not completely mitigated. The vulnerability was patched again on November 25.


Software: Adobe Flash Player

Known/famous malware:

Troj/SWFExp-CD.
Exploit kits: Angler, Nuclear, and Astrum.

Remote code execution in Adobe Acrobat and Adobe Reader
CVE-2014-0546

Security bypass

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to improper input validation when processing .pdf files. A remote attacker can create a specially crafted file, trick the victim into opening it, bypass sandbox restrictions and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

The vulnerability was discovered by Costin Raiu and Vitaly Kamluk of Kaspersky Labs.

Exploited by Animal Farm group.

Software: Adobe Reader

Remote code execution in Adobe Flash Player
CVE-2014-0515

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to buffer overflow, caused by improper bounds checking by the pixel bender component. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

A sample of the first exploit was detected on April 14, while a sample of the second came on April 16. The first exploit was initially recorded by KSN on April 9, when it was detected by a generic heuristic signature.

The disclosed vulnerability was actively exploited and relates to attack via the website of Syrian Ministry of Justice in September, 2013.

Software: Adobe Flash Player

Known/famous malware:

Exploit:SWF/CVE-2014-0515

Multiple vulnerabilities in Adobe Flash Player
CVE-2014-0502

Double free

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to double free error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

Wen Guanxing of Venustech, the Google Security Team and FireEye worked on the vulnerability.
FireEye dubbed the attack exploiting the vulnerability "Operation GreedyWonk".
The vulnerability was exploited to compromise sites of:

  • Peterson Institute for International Economics
  • American Research Center in Egypt
  • Smith Richardson Foundation

TrendMicro uses CVE-2014-0498 in some reports to cover the exploit used in Operation GreedyWonk. But we believe this is the same vulnerability and we will refer to it as CVE-2014-0502.

Software: Adobe Flash Player

Known/famous malware:

Elderwood exploit kit.

Remote code execution in Adobe Flash Player
CVE-2014-0497

Integer underflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to integer underflow when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

Exploited by DarkHotel APT.

The vulnerability survived for 84 days after update in November 2013.

Software: Adobe Flash Player

Two remote code execution vulnerabilities in Adobe Flash Player
CVE-2013-5331

Type confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to type confusion error. A remote attacker can create a specially crafted Web site or .swf file, trick the victim into visiting it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

The vulnerability was reported by Adobe as being exploited in the wild. The attackers used Microsoft Word documents with embedded malicious Flash (.swf) content.

Software: Adobe Flash Player

Known/famous malware:

Troj/SWFExp-CH (Sophos)
Trojan horse Exploit_c.YZX (AVG)
Exploit.Win32.CVE-2013 (Ikarus)
HEUR:Exploit.SWF.CVE-2013-5331.a (Kaspersky)
Exploit:Win32/CVE-2013-5331 (Microsoft)
SWF/Exploit.CVE-2013-5331.A trojan (Eset)
Trojan.Mdropper (Symantec)

Directory traversal in Adobe ColdFusion
CVE-2013-3336

Directory traversal

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to improper validation of the user-supplied input. A remote attacker can create specially crafted HTTP request containing "dot dot" sequences (/../) and view contents of arbitrary files on vulnerable system.

Successful exploitation of the vulnerability may allow an attacker to obtain potentially sensitive information and compromise vulnerable system.

Note: the vulnerability was being actively exploited.

Software: ColdFusion

Multiple vulnerabilities in Adobe Flash Player
CVE-2013-0648

Arbitrary code execution

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an error in the ExternalInterface ActionScript feature. A remote attacker can create specially crafted Web site serving malicious Flash (SWF) content, trick the victim into visiting it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

Software: Adobe Flash Player

Multiple vulnerabilities in Adobe Flash Player
CVE-2013-0643

Arbitrary code execution

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an error when handling permissions of the Flash Player Firefox sandbox. A remote attacker can create specially crafted Web site serving malicious Flash (SWF) content, trick the victim into visiting it, bypass the sandbox restrictions and execute arbitrary code outside the sandbox with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

Software: Adobe Flash Player

Two remote code execution vulnerabilities in Adobe Acrobat and Adobe Reader
CVE-2013-0641

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to buffer overflow when handling malicious files. A remote attacker can create specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

The sandbox vulnerability was dubbed as "666" by FireEye. CVE-2013-0640 and CVE-2013-0641 have been exploited in MiniDuke, Zegost, PlugX Malware Campaign attacks.

Software: Adobe Reader

Two remote code execution vulnerabilities in Adobe Acrobat and Adobe Reader
CVE-2013-0640

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling malicious files. A remote attacker can create specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

The sandbox vulnerability was dubbed as "666" by FireEye. CVE-2013-0640 and CVE-2013-0641 have been exploited in MiniDuke, Zegost, PlugX Malware Campaign attacks.

Software: Adobe Reader

Two remote code execution vulnerabilities in Adobe Flash Player
CVE-2013-0634

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in Flash Player for Firefox. A remote attacker can create specially crafted .swf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

The vulnerability was discovered by Shadowserver Foundation.

The exploit was used in a cyber espionage campaign dubbed “LadyBoyle”.

Software: Adobe Flash Player

Two remote code execution vulnerabilities in Adobe Flash Player
CVE-2013-0633

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to buffer overflow in ActiveX version of Flash Player. A remote attacker can create specially crafted .swf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

The vulnerability was reported to Adobe by Sergey Golovanov and Alexander Polyakov of Kaspersky.
The vulnerability was being used in a series of targeted attacks mostly against human rights activists and political dissidents from Africa and the Middle East.

Software: Adobe Flash Player

Known/famous malware:

Exploit: SWF/CVE-2013-0633.

Multiple vulnerabilities in Adobe ColdFusion
CVE-2013-0625

Authentication bypass

The vulnerability allows a remote attacker to bypass authentication and execute arbitrary code on the target system.

The vulnerability exists due to improper authentication, when password is not configured. A remote unauthenticated attacker can bypass authentication process and execute arbitrary code on the target system.

Note: the vulnerability was being actively exploited.

Software: ColdFusion

Multiple vulnerabilities in Adobe ColdFusion
CVE-2013-0629

Authentication bypass

The vulnerability allows a remote attacker to bypass authentication.

The vulnerability exists due to an error in authentication process, when a password is not configured. A remote unauthenticated attacker can gain unauthorized access to restricted directories.

Successful exploitation of this vulnerability results in unauthorized access to the directories.

Note: the vulnerability was being actively exploited.

Software: ColdFusion

Multiple vulnerabilities in Adobe ColdFusion
CVE-2013-0631

Information disclosure

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to improper access control. A remote attacker can gain access to important data.

Note: the vulnerability was being actively exploited.

Software: ColdFusion

Multiple vulnerabilities in Adobe ColdFusion
CVE-2013-0632

Authentication bypass

The vulnerability allows a remote attacker to bypass authentication and gain unauthorized access to vulnerable system.

The vulnerability exists due to an error within administrator.cfc. A remote unauthenticated attacker can access Adobe ColdFusion application using a default empty password, login to the RDS component and leverage this session to access administrative web interface.

Successful exploitation of this vulnerability results in unauthorized access to Adobe ColdFusion.

Note: the vulnerability was being actively exploited.

The vulnerability was used to compromise the website of the Washington state Administrative Office of the Courts (AOC).

Software: ColdFusion

Remote code execution in Adobe Flash Player
CVE-2012-1535

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when parsing malicious files. A remote attacker can create a specially crafted Flash (.swf) file embedded in a Microsoft Word (.doc) file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

The vulnerability was reported by Alexander Gavrun. The exploit was used by Aurora Group.

Software: Adobe Flash Player

Known/famous malware:

Exploit:SWF/CVE-2012-1535.A.

Remote code execution in Adobe Flash Player
CVE-2012-0779

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to object type confusion error when processing .swf files. A remote attacker can create a specially crafted .swf file, trick the victim into opening it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

This vulnerability has been exploited in the wild as part of the "World Uyghur Congress Invitation.doc" e-mail attack.

Software: Adobe Flash Player

Known/famous malware:

TROJ_SCRIPBRID.A; backdoor BKDR_INJECT.EVL.

Multiple vulnerabilities in Adobe Flash Player
CVE-2012-0767

Cross-site scripting

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-input. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Note: the vulnerability was being actively exploited.

The vulnerability was used to target Webmail accounts.

Software: Adobe Flash Player

Remote code execution in Adobe Acrobat and Adobe Reader
CVE-2011-4369

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the PRC component. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

Software: Adobe Reader

Known/famous malware:

EvilBunny

Remote code execution in Adobe Acrobat and Adobe Reader
CVE-2011-2462

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling Universal 3D (U3D) data. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

This 0-day vulnerability was discovered by Lockheed Martin's Computer Incident Response Team and was found to be part of a targeted attack. The sample of the exploit analyzed by the researchers appears to come from Barclay's bank in New York City.

Software: Adobe Reader

Known/famous malware:

Trojan Sykipot.

Multiple vulnerabilities in Adobe Flash Player
CVE-2011-2444

Cross-site scripting

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-input passed via a crafted URL. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Note: the vulnerability was being actively exploited in click-jacking campaigns.

Reported by Huzaifa S. Sidhpurwala.
That vulnerability shares some traits with an earlier Flash flaw that was used to target Gmail accounts in June.

Software: Adobe Flash Player

Remote code execution in Adobe Flash Player
CVE-2011-2110

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an array indexing error in the ActionScript3 AVM2 verification logic. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

This is the same vulnerability that was used for attacks against Korean-based organizations.
The vulnerability was exploited to compromise legitimate websites (including an Indian government site, a US airport site, and an aerospace site).

Software: Adobe Flash Player

Cross-site scripting in Adobe Flash Player
CVE-2011-2107

Cross-site scripting

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-input. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of website hosting an .swf file.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Note: the vulnerability was being actively exploited.

The pay for an exploit might be around $5k-$10k at the moment.

Software: Adobe Flash Player

Multiple vulnerabilities in Adobe Flash Player
CVE-2011-0627

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the Flash Player authplay.dll component. A remote attacker can create a specially crafted Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: this vulnerability is being actively exploited.

There are reports of malware attempting to exploit this vulnerability via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment targeting the Windows platform.

Software: Adobe Flash Player

Multiple vulnerabilities in Adobe Flash Player
CVE-2011-0618

Integer Overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to integer overflow. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

According to Symantec the first exploitation of the vulnerability was discovered on 2010-01-03.

Software: Adobe Flash Player

Known/famous malware:

Bloodhound.Exploit.412

Remote code execution in Adobe Flash Player
CVE-2011-0611

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in authplay.dll component. A remote attacker can create a specially crafted Flash (.swf) file embedded in a Microsoft Word (.doc) file, trick the victim into opening it, trigger memory corruption, and execute arbitrary code on the system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

The vulnerability was being used for 1 month before disclosure. The campaign started with spam emails enticing users to open an attachment, typically a Microsoft Word document (or a zip file of a Microsoft Word document), which contained the malicious Flash exploit.

Software: Adobe Flash Player

Known/famous malware:

Microsoft - Exploit:SWF/CVE-2011-0611.C, NOD32 - JS/Exploit.Pdfka.OXL.Gen, Symantec - Trojan.Pidief, Ikarus - Exploit.JS.ShellCode.

Remote code execution in Adobe Flash Player
CVE-2011-0609

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in authplay.dll component. A remote attacker can create a specially crafted Flash (.swf) file embedded in a Microsoft Excel (.xls) file, trick the victim into opening it, trigger memory corruption, and execute arbitrary code on the system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

The vulnerability was used to target RSA. Two phishing emails carrying a Microsoft Excel document with the exploit were sent to two different groups of employees. The document with exploit code was named "2011 Recruitment plan.xls".

Software: Adobe Flash Player

Known/famous malware:

Exploit:SWF/CVE-2011-0609
Kaspersky Lab products detected the variants as "Trojan-ropper.MSExcel.SWFDrop".

Remote code execution in Adobe Flash Player
CVE-2010-3654

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing .swf files in Adobe Flash Player. A remote attacker can create a specially crafted .swf file, trick the victim into opening it, cause memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability is being actively exploited via specially crafted .pdf files.

The vulnerability has been exploited during Sykipot campaigns and Luckycat attacks.

Software: Adobe Flash Player

Multiple vulnerabilities in Adobe Shockwave Player
CVE-2010-3653

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing Adobe Director file with a specific value in an "rcsL" field causing an array-indexing error. A remote attacker can create a specially crafted Adobe Director file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Note: this vulnerability is being actively exploited.

Software: Shockwave Player

Known/famous malware:

Win32/Exploit.CVE-2010-3653.A

Multiple vulnerabilities in Adobe Reader and Acrobat
CVE-2010-2884

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing malicious SWF files. A remote attacker can create a specially crafted .swf document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

The vulnerability was used to compromise the Amnesty Hong Kong website. It was patched in Adobe Flash Player on September 20 and in Adobe Reader and Acrobat on October 5. The vulnerability was disclosed by Mila Parkour.

Software: Adobe Flash Player

Known/famous malware:

The exploit:swf/cve-2010-2884.c

Remote code execution in Adobe Reader
CVE-2010-2883

Stack-based buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when handling specially crafted fonts within PDF document. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause stack-based buffer overflow and execute arbitrary code on vulnerable system.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Note: this vulnerability is being actively exploited.

According to Symantec the first exploitation of the vulnerability was detected on 2008-12-14.

Software: Adobe Reader

Known/famous malware:

Exploit:Win32/CVE-2010-2883.A
Trojan horse Exploit_c.JLU (AVG)
Exploit.PDF.1533 (Dr.Web)
Exploit.PDF-JS.Gen (Sunbelt Software)
Bloodhound.Exploit.357 (Symantec).

Two vulnerabilities in Adobe Reader and Acrobat
CVE-2010-2862

Integer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in CoolType.dll when processing TrueType fonts with a large maxCompositePoints value in a Maximum Profile (maxp) table within PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability is being actively exploited in the wild.

The vulnerability was presented by the researcher Charlie Miller at the Black Hat USA 2010 security conference on July 25 in Las Vegas.

Adobe credits Google security engineer Tavis Ormandy with its discovery. Apparently this is one of the relatively rare cases where two security researchers discover the same vulnerability independently of each other. In this case Mr. Ormandy reported it to Adobe first and in private.
According to Symantec the first exploitation of the vulnerability was discovered on 2009-03-05.

Software: Adobe Reader

Known/famous malware:

Exploit: Bloodhound.Exploit.353

Multiple vulnerabilities in Adobe Flash Player
CVE-2010-1297

Heap-based buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing .swf files. A remote attacker can create a specially crafted .swf file, trick the victim into opening it, cause heap-based buffer overflow and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Note: this vulnerability is being actively exploited.

The vulnerability is called "endless zero-day".
The vulnerability was exploited in Taidoor campaign primarily targeting government organizations located in Taiwan.

Software: Adobe Flash Player

Known/famous malware:

Trojan.Pidief.J

Multiple vulnerabilities in Adobe Reader and Acrobat
CVE-2010-1241

Heap-based buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error in the custom heap management system in Adobe Reader and Acrobat. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability is being actively exploited in the wild.

According to Symantec the first exploitation of the vulnerability was discovered on 2008-11-29.

Software: Adobe Reader

Known/famous malware:

Bloodhound.Exploit.293

Multiple vulnerabilities in Adobe Reader and Adobe Acrobat
CVE-2009-3953

Improper validation of array index

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to array indexing error in U3D support. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: this vulnerability is being actively exploited.

The vulnerability was used in spear-phishing attacks in December, 2009.

Software: Adobe Reader

Remote code execution in Adobe Acrobat and Adobe Reader
CVE-2009-4324

Use-after-free error

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error in the Doc.media.newPlayer method in Multimedia.api. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

Software: Adobe Reader

Known/famous malware:

Trojan.Pidief.H

Remote code execution in Adobe Acrobat and Adobe Reader
CVE-2009-3459

Heap-based buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow when processing a malformed PDF file. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Software: Adobe Reader

Known/famous malware:

PDF/Exploit.CVE-2009-3459.A

Remote code execution in Adobe Flash Player
CVE-2009-1862

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when parsing malformed files. A remote attacker can create a specially crafted .pdf file or .swf file, related to authplay.dll, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

Software: Adobe Flash Player

Known/famous malware:

Trojan.Pidief.G
Troj/SWFExp-M
Troj/SWFExp-N

Multiple vulnerabilities in Adobe Reader and Adobe Acrobat
CVE-2009-0927

Stack-based buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to stack-based buffer overflow in the getIcon() function. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

The vulnerability was fixed first in the Adobe Reader 8.x branch, leaving Adobe Reader 9.x vulnerable. It is unclear whether this vulnerability was exploited before Adobe issued the patch for Adobe Reader 8.x.

According to Symantec, they spotted active exploitation of this vulnerability on April 6, 2009.

According to a Trustwave report, this vulnerability was exploited in targeted attacks as a zero-day exploit targeting the aviation defense industry. Given the confusion regarding exploitation, we have chosen to treat this vulnerability as a zero-day.

Software: Adobe Reader

Known/famous malware:

TROJ_PIDIEF.OE

Remote code execution in Adobe Acrobat and Adobe Reader
CVE-2009-0658

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to buffer overflow when parsing a malformed JBIG2 image stream. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

According to Symantec the first exploitation of the vulnerability was discovered on 2008-09-02.

Software: Adobe Reader

Known/famous malware:

Trojan.Pidief.E

Code injection in Adobe Flash Player
CVE-2008-3873

Code injection

The vulnerability allows a remote attacker to hijack the clipboard on the target system.

The weakness exists due to an error in the setClipboard() function. By persuading a victim to view a specially crafted Shockwave file, an attacker could exploit this vulnerability to insert persistent data into the clipboard.

Successful exploitation of the vulnerability results in modification of data on the vulnerable system.

Note: the vulnerability was being actively exploited.

Software: Adobe Flash Player

Multiple vulnerabilities in Adobe Reader and Adobe Acrobat
CVE-2007-5659

Stack-based buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a boundary error within a JavaScript method. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger stack-based buffer overflow and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

The vendor was notified of this vulnerability on 10/10/2007; however, the patch was issued only 7 months later.

Software: Adobe Reader

Known/famous malware:

Exploit kits: Impact, Incognito, Phoenix, Siberia, Styx.
