Zero-day vulnerabilities discovered: 62
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Note: this vulnerability is being actively exploited in the wild.
Software: Adobe Flash Player
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-free error when handling .swf files. A remote attacker can trick the victim into visiting a website or opening a file containing a malicious Flash file and execute arbitrary code on the target system with privileges of the current user.
Note: this vulnerability was being actively exploited in the wild.
The vulnerability was disclosed by Neel Mehta and Billy Leonard of the Google Threat Analysis Group.
The vulnerability was exploited by the Russian hacker group APT28.
Software: Adobe Flash Player
Links:
https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html
https://helpx.adobe.com/security/products/flash-player/apsb16-36.html
https://technet.microsoft.com/library/security/ms16-128
https://threatpost.com/adobe-patches-flash-zero-day-under-attack/121567/
http://securityaffairs.co/wordpress/52739/hacking/cve-2016-7855-adobe.html
http://sensorstechforum.com/cve-2016-7855-flash-bug-exploited-limited-attacks/
http://www.securityweek.com/adobe-patches-flash-vulnerability-used-targeted-attacks
http://thehackernews.com/2016/10/google-windows-zero-day.html
http://opensources.info/cve-2016-7855-flaw-in-adobe-flash-player-exploited-in-targeted-attacks/
https://www.infosecurity-magazine.com/news/flash-windows-zerodays-are-being/
https://fossbytes.com/microsoft-windows-zero-day-vulnerability-google-told-people/
https://www.theregister.co.uk/2016/10/26/adobe_patches_fresh_flash_zeroday/
https://www.symantec.com/connect/blogs/flash-zero-day-being-exploited-targeted-attacks
http://www.pcworld.com/article/3135715/security/emergency-flash-player-patch-fixes-zero-day-critical...
http://thecharlestendellshow.com/microsoft-patches-cve-2016-7255-windows-zero-day-exploited-by-fancy...
https://arstechnica.com/security/2016/11/fancy-bear-goes-all-out-to-beat-adobe-msft-zero-day-patches...
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The vulnerability was reported by Anton Ivanov of Kaspersky.
Used by ScarCruft hacking team in Operation Daybreak and Operation Erebus as suggested by Kaspersky Lab.
It has been used in targeted attacks carried out by a new ScarCruft APT group operating primarily against high-profile victims in China, South Korea, India, Russia, Nepal, Romania, and Kuwait.
Software: Adobe Flash Player
Links:
https://helpx.adobe.com/security/products/flash-player/apsb16-18.html
https://helpx.adobe.com/security/products/flash-player/apsa16-03.html
https://securelist.com/blog/research/75082/cve-2016-4171-adobe-flash-zero-day-used-in-targeted-attac...
http://securityaffairs.co/wordpress/48400/hacking/cve-2016-4171-flash-0-day.html
http://www.securityweek.com/flash-zero-day-exploited-targeted-attacks
https://community.norton.com/en/blogs/security-covered-norton/critical-adobe-flash-player-vulnerabil...
https://threatpost.com/scarcruft-apt-group-used-latest-flash-zero-day-in-two-dozen-attacks/118642/
http://zerosecurity.org/2016/06/flash-zero-day-cve-2016-4171
http://neurogadget.net/2016/06/21/hackers-exploiting-critical-adobe-flash-player-vulnerability/33701
https://www.scmagazine.com/adobe-patches-critical-zero-day-vulnerability-in-flash-player/article/529...
http://activecypher.com/cve-2016-4171-another-flash-zero-day-exploited-in-targeted-attacks/
https://nakedsecurity.sophos.com/2016/06/15/critical-flash-vulnerability-is-being-exploited-in-the-w...
https://www.beyondtrust.com/blog/critical-zero-day-vulnerability-cve-2016-4171-basic-mitigation/
https://arstechnica.com/security/2016/06/critical-adobe-flash-bug-under-active-attack-currently-has-...
http://wccftech.com/flash-zero-day-vulnerability-exploited-in-the-wild/
http://www.digitaltrends.com/computing/adobe-exploit-scarcruft/
http://www.theinquirer.net/inquirer/news/2461612/new-threat-uses-flash-zero-day-to-attack-big-busine...
http://thecharlestendellshow.com/scarcruft-apt-group-exploited-flash-zero-day-in-high-profile-attack...
https://www.intego.com/mac-security-blog/adobe-flash-alert-0-day-exploit-for-vulnerability-in-the-wi...
http://www.bankinfosecurity.com/adobe-flings-flash-fix-for-fresh-apt-target-a-9207
Type confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to type confusion error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.
The vulnerability was reported by Genwei Jiang.
The zero-day was used by the Pawn Storm and APT3 cyber espionage groups in Operation Erebus campaign and seen in payloads included with CryptXXX, Cerber and DMA Locker ransomware, as well as the Gootkit Trojan.
Software: Adobe Flash Player
Known/famous malware:
Exploit kit: Angler, Magnitude, Neutrino, RIG.
Links:
https://www.fireeye.com/blog/threat-research/2016/05/cve-2016-4117-flash-zero-day.html
https://helpx.adobe.com/security/products/flash-player/apsa16-02.html
https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
http://securityaffairs.co/wordpress/47197/hacking/cve-2016-4117-adobe-flash-zero.html
https://security.berkeley.edu/news/vulnerable-adobe-flash-player-allows-remote-code-execution-cve-20...
http://news.softpedia.com/news/nine-days-later-flash-zero-day-cve-2016-4117-already-added-to-exploit...
https://www.helpnetsecurity.com/2016/05/16/flash-0day-exploit-booby-trapped-office-file/
http://securityaffairs.co/wordpress/47379/cyber-crime/cve-2016-4117-exploit-chain.html
https://andreafortuna.org/cve-2016-4117-a-new-adobe-flash-0-day-in-the-wild-56e78d519bf5#.9ogjnryxb
http://www.pcworld.com/article/3073561/security/a-recently-patched-flash-player-exploit-is-being-use...
https://www.peerlyst.com/posts/cve-2016-4117-fireeye-revealed-the-exploit-chain-of-recent-attacks-he...
https://www.proofpoint.com/us/threat-insight/post/microsoft-word-intruder-8-adds-support-for-flash-v...
http://neurogadget.net/2016/05/29/adobe-flash-player-exploit-used-hackers-attack-users/31733
http://www.bankinfosecurity.com/zero-day-attacks-pummel-ie-flash-a-9093
Type confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to type confusion error when handling .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.
The weakness was presented by Kafeine (EmergingThreats/Proofpoint), Genwei Jiang (FireEye, Inc.) and Clement Lecigne (Google).
According to FireEye, on April 2, Kafeine provided details on a version of the Magnitude Exploit Kit that was originally believed to be exploiting known Adobe Flash vulnerabilities.
Software: Adobe Flash Player
Known/famous malware:
Magnitude, Neutrino and Nuclear Pack Exploit Kit.
Cerber and DMA Locker ransomware.
Links:
https://helpx.adobe.com/security/products/flash-player/apsa16-01.html
https://www.fireeye.com/blog/threat-research/2016/04/cve-2016-1019_a_new.html
http://blog.trendmicro.com/trendlabs-security-intelligence/look-adobe-flash-player-cve-2016-1019-zer...
https://www.proofpoint.com/us/threat-insight/post/killing-zero-day-in-the-egg
http://securityaffairs.co/wordpress/46107/malware/adobe-fixes-cve-2016-1019.html
https://www.bleepingcomputer.com/news/security/adobe-releases-security-advisory-on-critical-vulnerab...
http://www.zdnet.com/article/cyberattackers-botch-integration-of-adobe-flash-zero-day-vulnerability-...
http://www.eweek.com/security/adobe-patches-zero-day-flaw-used-by-exploit-kit.html
https://www.grahamcluley.com/adobe-flash-responsible-six-top-10-bugs-used-exploit-kits-2016/
http://hub-apac.insight.com/h/i/236881036-zero-day-attack-discovered-in-magnitude-exploit-kit-target...
https://trushieldinc.com/adobe-flash-player-zero-day-exploit/
https://blog.malwarebytes.com/threat-analysis/exploits-threat-analysis/2016/04/botched-flash-0day-ge...
http://www.symantec.com/connect/blogs/new-flash-zero-day-exploited-attackers-wild
http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2016-1019-zero-day-integrated-in-expl...
https://threatpost.com/emergency-update-coming-for-flash-vulnerability-under-attack/117219/
http://www.ecommercetimes.com/story/83348.html
Integer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer overflow. A remote attacker can create a specially crafted Web site, trick the victim into visiting it and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.
The vulnerability was reported by Anton Ivanov from Kaspersky Lab. The vulnerability was used by the ScarCruft group in the Operation Daybreak campaign.
Software: Adobe Flash Player
Known/famous malware:
Used in Angler Exploit Kit.
Links:
https://helpx.adobe.com/security/products/flash-player/apsb16-08.html
http://blog.trendmicro.com/trendlabs-security-intelligence/root-cause-analysis-recent-flash-zero-day...
http://blog.trendmicro.com/trendlabs-security-intelligence/adobe-issues-emergency-patch-flash-zero-d...
http://blog.trendmicro.com/trendlabs-security-intelligence/tag/cve-2016-1010/
https://security.berkeley.edu/news/adobe-flash-player-multiple-zero-day-vulnerabilities-cve-2016-101...
https://technet.microsoft.com/en-us/library/security/MS16-036
http://securityaffairs.co/wordpress/45226/breaking-news/adobe-emergency-out-of-band-update.html
https://news.ycombinator.com/item?id=11262403
https://www.slashgear.com/adobe-flash-player-update-fixes-critical-vulnerabilities-11431218/
https://securify.co.in/adobe-flash-player/zero-day-adobe-flash-player-vulnerability-cve-2016-1010-2/
https://arstechnica.com/security/2016/03/adobe-issues-emergency-patch-for-actively-exploited-code-ex...
https://nakedsecurity.sophos.com/2016/03/11/flash-zero-day-prompts-emergency-update-from-adobe/
https://www.scmagazine.com/adobe-patches-active-flash-player-flaw/article/528925/
https://hotforsecurity.bitdefender.com/blog/update-flash-now-targeted-attacks-exploiting-security-ho...
http://www.securityweek.com/adobe-patches-flash-zero-day-under-attack
http://www.spamfighter.com/News-20163-Security-Bug-Used-in-Live-Attacks-is-Fixed-by-Releasing-Adobe-...
http://www.pcworld.com/article/3043055/security/emergency-flash-player-patch-fixes-actively-exploite...
http://wccftech.com/adobe-patches-yet-another-critical-flash-exploit/
https://www.infosecurity-magazine.com/news/adobe-issues-patch-for-23-flash/
http://www.eweek.com/blogs/security-watch/adobe-updates-flash-to-patch-zero-day-flaw.html
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-free error when processing malicious .swf content. A remote attacker can create a specially crafted .SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in complete compromise of vulnerable system.
According to a Kaspersky Lab report, this vulnerability was actively exploited in the wild by the BlackOasis APT actor in June 2015.
Software: Adobe Flash Player
Integer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer overflow. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Software: Adobe Flash Player
Known/famous malware:
Exploit kits: Angler, Neutrino, Nuclear Pack and RIG
Links:
https://helpx.adobe.com/security/products/flash-player/apsb16-01.html
https://blogs.forcepoint.com/security-labs/popular-site-leads-angler-ek-cve-2015-8651-flash-player-e...
https://www.symantec.com/security_response/writeup.jsp?docid=2015-122818-3536-99&tabid=2
https://krebsonsecurity.com/tag/cve-2015-8651/
https://blogs.technet.microsoft.com/mmpc/2016/06/20/reverse-engineering-dubniums-flash-targeting-exp...
https://www.scmagazine.com/adobe-issues-critical-flash-player-patch/article/533434/
http://vulnerablespace.blogspot.com/2016/06/malware-analysing-and-repurposing-rigs.html
https://blog.qualys.com/laws-of-vulnerabilities/2015/12/28/last-adobe-0-day-patched-for-the-year
https://www.reddit.com/r/ReverseEngineering/comments/43a1i5/an_analysis_on_the_principle_of_cve20158...
http://www.securityweek.com/adobe-issues-emergency-patch-flash-zero-day-under-attack
http://securityaffairs.co/wordpress/43131/cyber-crime/adobe-flash-zero-day.html
http://securityaffairs.co/wordpress/54120/reports/exploit-kits-top-flaws.html
https://blog.malwarebytes.com/threat-analysis/exploits-threat-analysis/2016/07/a-look-into-some-rig-...
http://www.darkreading.com/vulnerabilities---threats/here-are-4-vulnerabilities-ransomware-attacks-a...
https://www.recordedfuture.com/recent-ransomware-vulnerabilities/
http://resources.infosecinstitute.com/most-exploited-vulnerabilities-by-whom-when-and-how/#gref
http://neurogadget.net/2016/12/08/adobe-flash-player-bugs-issues-exploits-computers/48666
http://thehackernews.com/2015/12/adobe-flash-security-update.html
http://www.theregister.co.uk/2015/12/28/adobe_flash_security_update/
https://www.solutionary.com/resource-center/blog/2015/12/adobe-flash-player-vulnerability/
http://wccftech.com/flash-player-receives-emergency-security-patch/
http://news.softpedia.com/news/adobe-fixes-flash-zero-day-bug-discovered-by-huawei-498184.shtml
Type confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to type confusion error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Was used in Pawn Storm Campaign Targeting Foreign Affairs Ministries. Exploited by the Fancy Bear APT.
The vulnerability was reported by Peter Pi of Trend Micro.
Software: Adobe Flash Player
Known/famous malware:
Exploit Kits: Angler, Hunter, Magnitude, Neutrino, Nuclear Pack, RIG, Spartan.
Links:
https://helpx.adobe.com/security/products/flash-player/apsa15-05.html
https://helpx.adobe.com/security/products/flash-player/apsb15-27.html
http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-sto...
http://resources.infosecinstitute.com/the-shadow-of-the-russian-cyber-army-behind-the-2016-president...
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=28924
https://www.symantec.com/security_response/writeup.jsp?docid=2015-101903-5534-99
https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=869
http://www.theregister.co.uk/2016/12/08/need_xmas_ideas_try_cve20157645_a_flash_gift_that_keeps_on_g...
http://www.securityweek.com/adobe-patches-flash-zero-day-exploited-pawn-storm
http://vulnerablespace.blogspot.com/2016/04/malware-analysing-and-repurposing.html
https://blog.malwarebytes.com/threat-analysis/2015/10/new-flash-player-zero-day-in-the-wild/
https://arstechnica.com/security/2015/10/new-zero-day-exploit-hits-fully-patched-adobe-flash/
http://securityaffairs.co/wordpress/41123/cyber-crime/flash-zero-day-exploit.html
http://www.infoworld.com/article/3046531/security/ransomware-targets-flash-and-silverlight-vulnerabi...
https://www.tripwire.com/state-of-security/latest-security-news/flash-player-zero-day-patched-by-ado...
http://www.welivesecurity.com/2015/10/15/adobe-flash-zero-day/
https://threatpost.com/emergency-adobe-flash-zero-day-patch-arrives-ahead-of-schedule/115073/
http://thehackernews.com/2015/10/flash-patch-update.html
https://www.scmagazine.com/adobe-addresses-latest-flash-player-zero-day-vulnerability/article/533522...
“Use-after-free” error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error in the ActionScript 3 BitmapData class. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The exploit code was revealed after Hacking Team data leak.
Software: Adobe Flash Player
Known/famous malware:
SWF_EKSPLOYT.EDF. (TrendMicro).
Links:
https://helpx.adobe.com/security/products/flash-player/apsa15-04.html
https://www.symantec.com/connect/blogs/third-adobe-flash-zero-day-exploit-cve-2015-5123-leaked-hacki...
http://blog.trendmicro.com/trendlabs-security-intelligence/new-zero-day-vulnerability-cve-2015-5123-...
https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
http://securityaffairs.co/wordpress/38574/cyber-crime/hacking-team-cve-2015-5123.html
https://www.tripwire.com/state-of-security/vulnerability-management/another-zero-day-flash-exploit-r...
https://www.scmagazine.com/researchers-report-flash-player-zero-day-bugs-after-hacking-team-leaks/ar...
http://www.securityweek.com/two-new-flash-player-zero-day-bugs-found-hacking-team-leak
https://threatpost.com/flash-player-update-patches-two-hacking-team-zero-days/113776/
https://www.zscaler.com/blogs/research/hacking-team-leak-flash-0day-exploit-payloads-and-more
http://www.zdnet.com/article/adobe-promises-patch-for-latest-wave-of-critical-hacking-team-zero-day-...
http://securityaffairs.co/wordpress/38518/cyber-crime/hacking-team-new-0zero.html
“Use-after-free” error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error in the ActionScript 3 opaqueBackground class. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The exploit code was revealed after Hacking Team data leak. The exploit was used against Japanese organizations.
The vulnerability was reported by Dhanesh Kizhakkinan of FireEye as well as Peter Pi of TrendMicro.
Software: Adobe Flash Player
Known/famous malware:
Exploit kits:
Angler EK - 2015-07-11
Neutrino - 2015-07-13
Nuclear Pack - 2015-07-14
RIG - 2015-07-14
Magnitude - 2015-07-15
NullHole - 2015-07-22
Spartan - 2015-09-11
Links:
https://helpx.adobe.com/security/products/flash-player/apsa15-04.html
https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=28060
http://blog.trendmicro.com/trendlabs-security-intelligence/another-zero-day-vulnerability-arises-fro...
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The exploit code was revealed after Hacking Team data leak. Was also used in phishing campaigns conducted by two Chinese advanced persistent threat (APT) groups: APT3 and APT18.
The vulnerability was reported by Google Project Zero and Morgan Marquis-Boire.
Software: Adobe Flash Player
Links:
https://helpx.adobe.com/security/products/flash-player/apsb15-16.html
https://helpx.adobe.com/security/products/flash-player/apsa15-03.html
http://securityaffairs.co/wordpress/38707/cyber-crime/phishing-cve-2015-5119.html
https://www.zscaler.com/blogs/research/adobe-flash-vulnerability-cve-2015-5119-analysis
https://www.fireeye.com/blog/threat-research/2015/07/demonstrating_hustle.html
http://www.bankinfosecurity.com/zero-day-exploit-alert-flash-java-a-8396
https://www.trustwave.com/Resources/SpiderLabs-Blog/A-Flash-Exploit-(CVE-2015-5119)-From-the-Hacking...
http://null-byte.wonderhowto.com/how-to/hack-like-pro-use-hacking-teams-adobe-flash-exploit-0163051/
http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-flash-zero-day-integrated-in...
https://krebsonsecurity.com/2015/07/adobe-to-patch-hacking-teams-flash-zero-day/#more-31458
https://blog.malwarebytes.com/threat-analysis/2015/07/hacking-team-leak-exposes-new-flash-zero-day/
https://www.scmagazine.com/adobe-fixes-flash-player-zero-day-bug-identified-in-hacking-team-leak/art...
Heap-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Exploited by a China-based cyberespionage group. Operation Clandestine Wolf – Adobe Flash Zero-Day in APT3 Phishing Campaign.
Software: Adobe Flash Player
Known/famous malware:
Magnitude exploit kit.
Links:
https://helpx.adobe.com/security/products/flash-player/apsb15-14.html
https://hitmanpro.wordpress.com/2015/07/02/how-apt3-evaded-anti-exploits-with-cve-2015-3113/
https://nakedsecurity.sophos.com/2015/06/29/latest-flash-hole-already-exploited-ransomware/
http://securityaffairs.co/wordpress/38044/cyber-crime/adobe-fixed-cve-2015-3113.html
http://www.securityweek.com/adobe-flash-player-zero-day-exploited-attack-campaign
http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-zero-day-shares-same-root-cause...
http://www.computerweekly.com/news/4500248673/Adobe-patches-Flash-Player-vulnerability-CVE-2015-3113
http://researchcenter.paloaltonetworks.com/2015/07/ups-observations-on-cve-2015-3113-prior-zero-days...
https://arstechnica.com/security/2015/06/patch-early-patch-often-adobe-pushes-emergency-fix-for-acti...
http://www.pcworld.com/article/2939552/adobe-patches-zeroday-flash-player-flaw-used-in-targeted-atta...
http://www.techtimes.com/articles/63254/20150624/adobe-releases-patch-to-plug-flash-players-zero-day...
https://www.recordedfuture.com/use-cases/vulnerability-identification/
http://www.theregister.co.uk/2015/06/29/ransomware_exploit_kit_slinger_exploits_flash_remote_code_ex...
http://www.computerworlduk.com/security/cybercriminals-pounce-on-serious-flash-zero-day-flaw-3618019..
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Attackers exploited the vulnerabilities together to attack a government entity and steal politically sensitive data that is a known target of the Russian group (APT campaign).
Software: Adobe Flash Player
Links:
https://helpx.adobe.com/security/products/flash-player/apsb15-06.html
http://resources.infosecinstitute.com/the-shadow-of-the-russian-cyber-army-behind-the-2016-president...
https://krebsonsecurity.com/2015/04/critical-updates-for-windows-flash-java/#more-30672
http://www.securityweek.com/russia-linked-hackers-used-two-zero-days-recent-targeted-attack-fireeye
http://www.zdnet.com/article/russian-hackers-exploit-flash-windows-flaws-to-spy-on-diplomat-targets/
https://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html
http://www.eweek.com/security/russian-based-attackers-use-two-zero-days-in-one-attack.html
http://securityaffairs.co/wordpress/36105/cyber-crime/apt28-russian-hackers.html
https://www.advancedbusinesssolutions.com/blog/curated-content/russian-hackers-use-flash-windows-zer...
https://www.infosecurity-magazine.com/news/apt28-back-russiandoll-attack/
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The vulnerability was used during a malvertising campaign against visitors of dailymotion.com.
Software: Adobe Flash Player
Known/famous malware:
SWF_EXPLOIT.MJST
Hanjuan Exploit Kit
Links:
https://helpx.adobe.com/security/products/flash-player/apsa15-02.html
https://helpx.adobe.com/security/products/flash-player/apsb15-04.html
http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-new-adobe-flash-zer...
http://www.securityweek.com/adobe-prepares-patch-another-critical-flash-player-vulnerability
https://krebsonsecurity.com/2015/02/yet-another-flash-patch-fixes-zero-day-flaw/#more-29724
http://www.greatsoftline.com/another-critical-zero-day-vulnerability-in-adobe-flash-player/
https://nakedsecurity.sophos.com/2015/02/03/news-flash-3rd-time-newunlucky-0-day-hits-adobes-browser...
https://www.recordedfuture.com/top-vulnerabilities-2015/
http://www.networkworld.com/article/3003176/security/8-of-top-10-vulnerabilities-used-by-exploit-kit...
http://www.itnews.com.au/news/hackers-target-third-new-zero-day-for-adobe-flash-399960
http://researchcenter.paloaltonetworks.com/2015/02/palo-alto-networks-traps-protects-enterprises-zer...
http://www.fin24.com/Tech/News/Hackers-target-Adobe-Flash-again-20150205
https://arstechnica.com/security/2015/02/as-flash-0day-exploits-reach-new-level-of-meanness-what-are...
http://www.techtimes.com/articles/30925/20150206/adobe-releases-patch-for-dangerous-flash-player-zer...
http://www.darkreading.com/new-adobe-flash-0-day-used-in-malvertising-campaign/d/d-id/1318900
https://philipcao.com/2015/02/04/palo-alto-networks-traps-protects-enterprises-from-zero-day-cve-201...
https://betanews.com/2015/02/02/surprise-adobe-flash-has-a-security-flaw-on-windows-mac-and-linux/
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The vulnerability was discovered by French security researcher “Kafeine”.
It was actively being exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below. It was used by Angler EK and infected at least 1,800 known domains.
Software: Adobe Flash Player
Known/famous malware:
SWF/Exploit.CVE-2015-0311.N(2)
Trojan.Swifi (Symantec)
Angler EK
Links:
https://helpx.adobe.com/security/products/flash-player/apsb15-03.html
http://blog.trendmicro.com/trendlabs-security-intelligence/os-x-zero-days-on-the-rise-a-2015-midyear...
http://blog.trendmicro.com/trendlabs-security-intelligence/analyzing-cve-2015-0311-flash-zero-day-vu...
http://researchcenter.paloaltonetworks.com/2015/01/unpatched-flash-vulnerability-cve-2015-0311-block...
http://securityaffairs.co/wordpress/32687/security/adobe-fix-cve-2015-0311-0day.html
http://www.kamnet.com/adobe-flash-player-vulnerability-cve-2015-0311/
http://www.criticalwatch.com/faqs/zero-day-vulnerability-in-adobe-flash/
http://www.free-remove-spyware.com/post/Cannot-Remove-SWFExploit.CVE-2015-0311.N2-SWFExploit.CVE-201...
http://www.securityweek.com/adobe-fixes-second-flash-player-zero-day-vulnerability
http://www.pcworld.com/article/2878792/flash-player-plagued-by-third-zeroday-flaw-in-a-month-updates...
Security bypass
The vulnerability allows a remote attacker to circumvent memory address randomization on the target system.
The weakness exists due to memory leak error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption, bypass memory address randomization on the Windows platform and obtain sensitive information.
Note: the vulnerability was being actively exploited.
The vulnerability was discovered and reported by security researcher Kafeine.
The vulnerability was used in attacks against older versions of Flash Player.
Software: Adobe Flash Player
Known/famous malware:
Angler EK.
Links:
https://helpx.adobe.com/security/products/flash-player/apsb15-02.html
https://ae.norton.com/security_response/writeup.jsp?docid=2015-021009-2659-99
https://www.beyondtrust.com/blog/adobe-patches-zero-day-flaw-being-exploited-in-the-wild/
https://www.intego.com/mac-security-blog/flash-player-0day-vulnerability-jolts-rushed-update/
http://www.pcworld.com/article/2874172/adobe-fixes-just-one-of-two-actively-exploited-zeroday-vulner...
http://www.eweek.com/security/new-zero-day-exploit-adds-to-adobe-flash-security-woes.html
Stack-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability was discovered by the researcher ‘bilou’, who reported the bug through HP’s Zero Day Initiative (ZDI).
Has been used in a watering hole attack against US Defense and Financial Services firms, where it was hosted on the compromised Forbes.com website.
Software: Adobe Flash Player
Known/famous malware:
Trojan.Win32.Bergard.A.
Links:
https://helpx.adobe.com/security/products/flash-player/apsb14-27.html
https://www.symantec.com/security_response/writeup.jsp?docid=2015-011509-4745-99
http://www.securityweek.com/adobe-patches-flash-player-vulnerability-exploited-wild
http://news.softpedia.com/news/Chinese-Hackers-Target-Forbes-com-In-Watering-Hole-Attack-472871.shtm...
http://www.cso.com.au/article/562228/adobe-patches-flash-zero-day-under-attack/
http://blog.malcovery.com/forbes.com-adobe-flash-player-and-your-email
http://securityaffairs.co/wordpress/33417/cyber-crime/chinese-hackers-hit-forbes.html
https://arstechnica.com/security/2015/02/pwned-in-7-seconds-hackers-use-flash-and-ie-to-target-forbe...
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
An Adobe Flash vulnerability was discovered in October and promptly patched. The exploits in the Nuclear and Angler kits were detected by the French researcher Kafeine shortly after the company released an update on Oct. 14. Despite a patch on October 14, 2014, the vulnerability was not completely mitigated. The vulnerability was patched again on November 25.
Software: Adobe Flash Player
Known/famous malware:
Troj/SWFExp-CD.
Exploit kits: Angler, Nuclear, and Astrum.
Links:
https://helpx.adobe.com/security/products/flash-player/apsb14-22.html
https://helpx.adobe.com/security/products/flash-player/apsb14-26.html
https://blogs.technet.microsoft.com/mmpc/2014/12/02/an-interesting-case-of-the-cve-2014-8439-exploit...
http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2014-8439-vulnerability-trend-micro-s...
http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2014-8439-vulnerability-trend-micro-s...
https://www.fireeye.com/blog/threat-research/2015/01/a_different_exploit.html
https://nakedsecurity.sophos.com/2014/11/28/adobe-publishes-out-of-band-flash-update-booster-dose-fo...
http://www.pcworld.com/article/2852412/adobe-tries-again-to-fix-flash-vulnerability.html
http://www.techtimes.com/articles/20976/20141126/adobe-releases-patch-to-re-fix-flash-player-vulnera...
Security bypass
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability was discovered by Costin Raiu and Vitaly Kamluk of Kaspersky Labs.
Exploited by Animal Farm group.
Software: Adobe Reader
Links:
https://helpx.adobe.com/security/products/reader/apsb14-19.html
https://www.symantec.com/security_response/vulnerability.jsp?bid=69193
https://www.symantec.com/security_response/writeup.jsp?docid=2014-082218-1438-99
http://securityaffairs.co/wordpress/27535/cyber-crime/cve-2014-0546-adobe-flaw.html
http://zerosecurity.org/2014/08/cve-2014-0546-found-utilized-small-targeted-attacks
http://www.securityweek.com/adobe-patches-security-flaw-leveraged-targeted-attacks
https://heatsoftware.com/blog/9286/urgent-adobe-users-told-to-patch-reader-and-acrobat-against-zero-...
http://www.burningflameinteractive.com/aj-burning-flame-blog/adobe-patches-zero-day-vulnerability
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
A sample of the first exploit was detected on April 14, while a sample of the second came on April 16. The first exploit was initially recorded by KSN on April 9, when it was detected by a generic heuristic signature.
The disclosed vulnerability was actively exploited and relates to an attack via the website of the Syrian Ministry of Justice in September 2013.
Software: Adobe Flash Player
Known/famous malware:
Exploit:SWF/CVE-2014-0515
Links:
https://helpx.adobe.com/security/products/flash-player/apsb14-13.html
https://securelist.com/blog/incidents/59399/new-flash-player-0-day-cve-2014-0515-used-in-watering-ho...
http://blog.trendmicro.com/trendlabs-security-intelligence/analyzing-cve-2014-0515-the-recent-flash-...
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27555
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27552
https://www.zscaler.com/blogs/research/nuclear-exploit-kit-and-flash-cve-2014-0515
http://54.204.81.18/news/stories/39397-blog-new-flash-player-0-day-cve-2014-0515-used-in-watering-ho...
http://www.securityweek.com/adobe-patches-flash-player-zero-day-used-watering-hole-attacks
https://krebsonsecurity.com/2014/04/adobe-update-nixes-flash-player-zero-day/#more-25786
Double free
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
Wen Guanxing of Venustech, the Google Security Team and FireEye worked on the vulnerability.
FireEye dubbed the attack exploiting the vulnerability "Operation GreedyWonk".
The vulnerability was exploited to compromise sites of:
Software: Adobe Flash Player
Known/famous malware:
Elderwood exploit kit.
Links:
https://helpx.adobe.com/security/products/flash-player/apsb14-07.html
https://www.alienvault.com/blogs/labs-research/analysis-of-an-attack-exploiting-the-adobe-zero-day-c...
https://www.trustwave.com/Resources/SpiderLabs-Blog/Deep-Analysis-of-CVE-2014-0502-%E2%80%93-A-Doubl...
https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=655
https://volatility-labs.blogspot.com/2014/04/building-decoder-for-cve-2014-0502.html
https://blog.threattrack.com/adobe-exploit-cve-2014-0502/
http://www.benhayak.com/2014/05/deep-analysis-of-cve-2014-0502-double.html
http://www.welivesecurity.com/2014/10/31/two-recently-patched-adobe-flash-vulnerabilities-now-used-e...
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27443
http://www.theregister.co.uk/2014/02/20/flash_adobe_posts_emergency_fix/
https://nakedsecurity.sophos.com/2014/02/21/adobe-pushes-out-critical-flash-update-second-zero-day-h...
http://dailyleet.com/how-the-elderwood-platform-is-fueling-2014s-zero-day-attacks/
https://www.scmagazineuk.com/chinese-spies-launch-new-adobe-zero-day-attack/article/541288/
http://arstechnica.com/security/2014/02/adobe-releases-emergency-flash-update-amid-new-zero-day-driv...
Integer underflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
Exploited by DarkHotel APT.
The vulnerability survived for 84 days after the update in November 2013.
Software: Adobe Flash Player
Links:
https://helpx.adobe.com/security/products/flash-player/apsb14-04.html
https://securingtomorrow.mcafee.com/mcafee-labs/flash-zero-day-vulnerability-cve-2014-0497-lasts-84-...
https://blogs.technet.microsoft.com/mmpc/2014/02/17/a-journey-to-cve-2014-0497-exploit/
https://www.fireeye.com/blog/threat-research/2015/03/flash_in_2015.html
http://securityaffairs.co/wordpress/21937/cyber-crime/adobe-flash-player-fixed.html
https://business.kaspersky.com/darkhotel-hackingteam/4357/
Type confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability was reported by Adobe as being exploited in the wild. The attackers used Microsoft Word documents with embedded malicious Flash (.swf) content.
Software: Adobe Flash Player
Known/famous malware:
Troj/SWFExp-CH (Sophos)
Trojan horse Exploit_c.YZX (AVG)
Exploit.Win32.CVE-2013 (Ikarus)
HEUR:Exploit.SWF.CVE-2013-5331.a (Kaspersky)
Exploit:Win32/CVE-2013-5331 (Microsoft)
SWF/Exploit.CVE-2013-5331.A trojan (Eset)
Trojan.Mdropper (Symantec)
Links:
https://helpx.adobe.com/security/products/flash-player/apsb13-28.html
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27558
http://eromang.zataz.com/2015/12/24/cve-2013-5331-adobe-flash-player-type-confusion-remote-code-exec...
http://blog.malwaretracker.com/2014/01/cve-2013-5331-evaded-av-by-using.html
http://eromang.zataz.com/2015/12/24/cve-2013-5331-adobe-flash-player-type-confusion-remote-code-exec...
http://freerepairwindowserrors.com/spytips/Guide-to-Remove-SWFExploit.CVE-2013-5331.A_16_203811.html
Directory traversal
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
Software: ColdFusion
Links:
http://www.adobe.com/support/security/advisories/apsa13-03.html
http://www.computerworld.com/article/2497237/security0/adobe-warns-of-unpatched-critical-flaw-in-col...
http://mac-security.blogspot.com/2013/05/new-critical-adobe-security-updates.html
http://www.infosecurity-magazine.com/news/anonymous-said-to-be-exploiting-coldfusion-in/
https://www.corero.com/resources/files/security_advisories/advisory_CNS_IPS_Microsoft_Adobe_ColdFusi...
http://www.securityweek.com/server-washington-state-courts-office-hacked-sensitive-data-exposed
https://www.sophos.com/en-us/threat-center/threat-analyses/vulnerabilities/VET-000492.aspx
Arbitrary code execution
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
Software: Adobe Flash Player
Links:
https://www.adobe.com/support/security/bulletins/apsb13-08.html
https://www.intego.com/mac-security-blog/adobe-squashes-two-exploits-in-the-wild-designed-to-target-...
http://www.computerworlduk.com/it-vendors/new-emergency-flash-update-as-hackers-hit-firefox-3428746/
https://blog.basefarm.com/blog/security-updates-available-for-adobe-flash-player-apsb13-08/
http://doa.alaska.gov/ets/security/S_Advisory/sa2013-023.pdf
http://www.macworld.co.uk/news/apple/adobe-springs-emergency-flash-update-says-hackers-hitting-firef...
https://www.auscert.org.au/render.html?it=17093
http://www.totalsofttech.com.ph/adobe-springs-emergency-flash-update-says-hackers-hitting-firefox/
http://krebsonsecurity.com/tag/cve-2013-0648/
http://www.theregister.co.uk/2013/02/27/adobe_issues_two_critical_flash_vuln_patches/
Arbitrary code execution
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
Software: Adobe Flash Player
Links:
http://www.adobe.com/support/security/bulletins/apsb13-08.html
http://doa.alaska.gov/ets/security/S_Advisory/sa2013-023.pdf
https://krebsonsecurity.com/2013/02/flash-player-update-fixes-zero-day-flaws/#more-19186
http://www.techworld.com/news/security/adobe-pushes-out-emergency-flash-update-as-hackers-hit-firefo...
https://www.scmagazine.com/adobe-hurries-update-to-fix-flash-zero-day-vulnerabilities/article/542241...
http://www.computerworld.com/article/2495576/malware-vulnerabilities/adobe-springs-emergency-flash-u...
http://www.theregister.co.uk/2013/02/27/adobe_issues_two_critical_flash_vuln_patches/
https://blog.qualys.com/laws-of-vulnerabilities/2013/02
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The sandbox vulnerability was dubbed "666" by FireEye. CVE-2013-0640 and CVE-2013-0641 have been exploited in MiniDuke, Zegost, PlugX Malware Campaign attacks.
Software: Adobe Reader
Links:
https://www.fireeye.com/blog/threat-research/2013/02/its-a-kind-of-magic-1.html
http://www.adobe.com/support/security/advisories/apsa13-02.html
http://www.adobe.com/support/security/bulletins/apsb13-07.html
http://blog.trendmicro.com/trendlabs-security-intelligence/zero-day-vulnerability-hits-adobe-reader/
https://www.symantec.com/security_response/vulnerability.jsp?bid=57947
http://blog.opensecurityresearch.com/2013/10/analysis-of-malware-rop-chain.html
http://hooked-on-mnemonics.blogspot.com/2013/02/detecting-pdf-js-obfuscation-using.html
https://nakedsecurity.sophos.com/2013/02/14/no-patch-yet-for-pdf-exploits/
https://access.redhat.com/security/cve/cve-2013-0641
http://www.securityweek.com/latest-adobe-zero-day-serious-business-attackers-escape-adobe-reader-san...
https://www.slashgear.com/adobe-says-acrobat-and-reader-vulnerabilities-exploited-with-malicious-pdf...
http://www.pcworld.com/article/2028603/adobe-readies-emergency-patches-for-reader-acrobat.html
http://www.eweek.com/security/adobe-issues-reader-acrobat-security-updates-to-stave-off-attacks
https://securingtomorrow.mcafee.com/mcafee-labs/emerging-stack-pivoting-exploits-bypass-common-secur...
https://www.fireeye.jp/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-zero-day-attacks-in...
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The sandbox vulnerability was dubbed "666" by FireEye. CVE-2013-0640 and CVE-2013-0641 have been exploited in MiniDuke, Zegost, PlugX Malware Campaign attacks.
Software: Adobe Reader
Links:
https://www.fireeye.com/blog/threat-research/2013/02/its-a-kind-of-magic-1.html
http://www.adobe.com/support/security/advisories/apsa13-02.html
http://www.adobe.com/support/security/bulletins/apsb13-07.html
http://www.kb.cert.org/vuls/id/422807
https://labs.portcullis.co.uk/blog/cve-2013-0640-adobe-reader-xfa-oneofchild-un-initialized-memory-v...
http://www.enigmasoftware.com/pdf-cve20130640-vulnerability-exploited-miniduke-zegost-plugx/
http://blog.trendmicro.com/trendlabs-security-intelligence/zero-day-vulnerability-hits-adobe-reader/
http://blog.opensecurityresearch.com/2013/10/analysis-of-malware-rop-chain.html
https://securelist.com/blog/incidents/31112/the-miniduke-mystery-pdf-0-day-government-spy-assembler-...
http://vinsula.com/2013/04/17/cve-2013-0640-adobe-pdf-zero-day-malware/
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability was discovered by Shadowserver Foundation.
The exploit was used in a cyber espionage campaign dubbed "LadyBoyle".
Software: Adobe Flash Player
Links:
http://www.adobe.com/support/security/bulletins/apsb13-04.html
https://www.invincea.com/2013/02/exploit-down-analysis-and-protection-against-adobe-flash-exploit-cv...
http://blog.malwaremustdie.org/2013/02/cve-2013-0634-this-ladyboyle-is-not.html
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=26455
http://www.enigmasoftware.com/exploitswfcve20130634a-removal/
https://www.fireeye.com/blog/threat-research/2013/02/lady-boyle-comes-to-town-with-a-new-exploit.htm...
https://vulners.com/metasploit/MSF:EXPLOIT/WINDOWS/BROWSER/ADOBE_FLASH_REGEX_VALUE
https://www.intego.com/mac-security-blog/adobe-resolves-flash-player-flaws-being-exploited-in-the-wi...
http://www.spywareremove.com/removeexploitswfcve20130634a.html
https://eromang.zataz.com/2013/02/26/gong-da-gondad-exploit-pack-add-flash-cve-2013-0634-support/
https://krebsonsecurity.com/tag/cve-2013-0634/
http://www.infoworld.com/article/2613576/security/adobe-blames-na-ve-office-users-for-latest-flash-p...
https://nakedsecurity.sophos.com/2013/02/08/adobe-patches-flash-heads-off-attacks-on-windows-and-app...
https://www.intego.com/mac-security-blog/two-adobe-vulnerabilities-attacked-in-the-wild-now-patched/
https://www.invincea.com/2013/02/exploit-down-analysis-and-protection-against-adobe-flash-exploit-cv...
http://www.securityweek.com/adobe-patches-flash-player-against-active-attacks
https://www.fireeye.jp/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-zero-day-attacks-in...
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability was reported to Adobe by Sergey Golovanov and Alexander Polyakov of Kaspersky.
The vulnerability was being used in a series of targeted attacks mostly against human rights activists and political dissidents from Africa and the Middle East.
Software: Adobe Flash Player
Known/famous malware:
Exploit: SWF/CVE-2013-0633.
Links:
http://www.adobe.com/support/security/bulletins/apsb13-04.html
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=26453
https://www.symantec.com/security_response/vulnerability.jsp?bid=57788
http://krebsonsecurity.com/tag/cve-2013-0633/
https://www.fireeye.com/blog/threat-research/2013/02/lady-boyle-comes-to-town-with-a-new-exploit.htm...
https://eromang.zataz.com/2013/02/26/gong-da-gondad-exploit-pack-add-flash-cve-2013-0634-support/
http://www.kaspersky.com/au/about/news/virus/2013/Kaspersky_Lab_Experts_Credited_for_Identifying_and...
https://securelist.com/blog/research/64215/adobe-flash-player-0-day-and-hackingteams-remote-control-...
http://www.pcworld.com/article/2027916/researchers-surveillance-malware-distributed-via-flash-player-exploit.html
http://www.infoworld.com/article/2613576/security/adobe-blames-na-ve-office-users-for-latest-flash-p...
https://securityledger.com/2013/02/adobe-pushes-fix-for-flash-player-cites-attacks-on-windows-mac-an...
https://www.intego.com/mac-security-blog/two-adobe-vulnerabilities-attacked-in-the-wild-now-patched/
http://www.pcadvisor.co.uk/feature/security/adobe-releases-emergency-flash-fixes-for-two-zero-day-bu...
Authentication bypass
The vulnerability allows a remote attacker to bypass authentication and execute arbitrary code on the target system.
The vulnerability exists due to improper authentication when a password is not configured. A remote unauthenticated attacker can bypass the authentication process and execute arbitrary code on the target system.
Note: the vulnerability was being actively exploited.
Software: ColdFusion
Links:
http://www.adobe.com/support/security/bulletins/apsb13-03.html
http://www.adobe.com/support/security/advisories/apsa13-01.html
http://eyeonforensics.blogspot.com/2013/03/a-cold-day-in-e-commerce-guest-post.html
http://doa.alaska.gov/ets/security/S_Advisory/SA2013-093.pdf
http://blogs.coldfusion.com/assets/content/security/Security%20Best%20Practices%20for%20ColdFusion.p...
http://www.securityweek.com/adobe-warns-attacks-exploiting-coldfusion-vulnerabilities-fix-coming
http://www.livehacking.com/category/vulnerability/adobe/
http://www.pcworld.com/article/2025406/adobe-patches-actively-exploited-coldfusion-vulnerabilities.h...
http://www.itworld.com/article/2714589/security/adobe-warns-of-actively-exploited-coldfusion-flaws.h...
http://www.computerworld.com/article/2494475/malware-vulnerabilities/adobe-warns-of-actively-exploit...
http://www.mis-asia.com/tech/security/adobe-warns-of-actively-exploited-coldfusion-flaws/
Authentication bypass
The vulnerability allows a remote attacker to bypass authentication.
The vulnerability exists due to an error in the authentication process when a password is not configured. A remote unauthenticated attacker can gain unauthorized access to restricted directories.
Successful exploitation of this vulnerability results in unauthorized access to the directories.
Note: the vulnerability was being actively exploited.
Software: ColdFusion
Links:
http://www.adobe.com/support/security/bulletins/apsb13-03.html
http://www.adobe.com/support/security/advisories/apsa13-01.html
https://www.acunetix.com/vulnerabilities/web/adobe-coldfusion-9-administrative-login-bypass
http://eyeonforensics.blogspot.com/2013/03/a-cold-day-in-e-commerce-guest-post.html
http://doa.alaska.gov/ets/security/S_Advisory/SA2013-093.pdf
http://blogs.coldfusion.com/assets/content/security/Security%20Best%20Practices%20for%20ColdFusion.pdf
http://www.securityweek.com/adobe-warns-attacks-exploiting-coldfusion-vulnerabilities-fix-coming
http://www.livehacking.com/category/vulnerability/adobe/
http://www.pcworld.com/article/2025406/adobe-patches-actively-exploited-coldfusion-vulnerabilities.html
http://www.itworld.com/article/2714589/security/adobe-warns-of-actively-exploited-coldfusion-flaws.html
http://www.computerworld.com/article/2494475/malware-vulnerabilities/adobe-warns-of-actively-exploited-coldfusion-flaws.html
http://www.mis-asia.com/tech/security/adobe-warns-of-actively-exploited-coldfusion-flaws/
https://www.trustwave.com/Resources/SpiderLabs-Blog/The-Curious-Case-of-the-Malicious-IIS-Module--Pr...
http://blogs.elis.org/isa/attackers-exploited-coldfusion-vulnerability-to-install-microsoft-iis-malw...
Information disclosure
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
Software: ColdFusion
Links:
http://www.adobe.com/support/security/bulletins/apsb13-03.html
http://www.adobe.com/support/security/advisories/apsa13-01.html
https://www.acunetix.com/vulnerabilities/web/adobe-coldfusion-9-administrative-login-bypass
http://eyeonforensics.blogspot.com/2013/03/a-cold-day-in-e-commerce-guest-post.html
http://doa.alaska.gov/ets/security/S_Advisory/SA2013-093.pdf
http://www.securityweek.com/adobe-warns-attacks-exploiting-coldfusion-vulnerabilities-fix-coming
http://www.livehacking.com/category/vulnerability/adobe/
http://www.pcworld.com/article/2025406/adobe-patches-actively-exploited-coldfusion-vulnerabilities.h...
http://www.itworld.com/article/2714589/security/adobe-warns-of-actively-exploited-coldfusion-flaws.h...
http://www.computerworld.com/article/2494475/malware-vulnerabilities/adobe-warns-of-actively-exploit...
http://www.mis-asia.com/tech/security/adobe-warns-of-actively-exploited-coldfusion-flaws/
http://energy.gov/cio/articles/v-063-adobe-coldfusion-bugs-let-remote-users-gain-access-and-obtain-i...
Authentication bypass
The vulnerability allows a remote attacker to bypass authentication and gain unauthorized access to the vulnerable system.
The vulnerability exists due to an error within administrator.cfc. A remote unauthenticated attacker can access the Adobe ColdFusion application using a default empty password, log in to the RDS component and leverage this session to access the administrative web interface.
Successful exploitation of this vulnerability results in unauthorized access to Adobe ColdFusion.
Note: the vulnerability was being actively exploited.
The vulnerability was used to compromise the website of the Washington state Administrative Office of the Courts (AOC).
Software: ColdFusion
Links:
http://www.adobe.com/support/security/advisories/apsa13-01.html
http://www.adobe.com/support/security/bulletins/apsb13-03.html
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27201
https://www.acunetix.com/vulnerabilities/web/adobe-coldfusion-9-administrative-login-bypass
https://vulners.com/metasploit/MSF:EXPLOIT/MULTI/HTTP/COLDFUSION_RDS
http://www.livehacking.com/category/vulnerability/adobe/
http://www.pcworld.com/article/2025406/adobe-patches-actively-exploited-coldfusion-vulnerabilities.h...
http://www.carehart.org/blog/client/index.cfm/2013/1/2/Part2_serious_security_threat
https://www.scmagazine.com/weakness-in-adobe-coldfusion-allowed-court-hackers-access-to-160k-ssns/ar...
http://www.itnews.com.au/news/a-million-drivers-licenses-possibly-stolen-via-coldfusion-hole-342953
http://krebsonsecurity.com/tag/amcrin/
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability was reported by Alexander Gavrun. The exploit was used by Aurora Group.
Software: Adobe Flash Player
Known/famous malware:
Exploit:SWF/CVE-2012-1535.A.
Links:
https://lists.opensuse.org/opensuse-security-announce/2012-08/msg00010.html
http://www.adobe.com/support/security/bulletins/apsb12-18.html
https://blogs.technet.microsoft.com/mmpc/2012/08/28/a-technical-analysis-on-cve-2012-1535-adobe-flas...
https://www.symantec.com/connect/blogs/cve-2012-1535-adobe-flash-player-vulnerability-exploited-mult...
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=25878
https://www.f-secure.com/en/web/labs_global/cve-2012-1535
http://contagiodump.blogspot.co.uk/2012/08/cve-2012-1535-samples-and-info.html
https://securingtomorrow.mcafee.com/mcafee-labs/adobe-flash-update-counters-cve-2012-1535/
http://blog.talosintel.com/2012/08/cve-2012-1535-flash-0-day-in-wild.html
http://www.digital4rensics.com/blog/2012/08/brief-osint-review-for-cve-2012-1535-attacks/
https://www.alienvault.com/blogs/labs-research/cve-2012-1535-adobe-flash-being-exploited-in-the-wild
http://www.ehackingnews.com/2012/08/cve-2012-1535-adobe-flash-player-exploit.html
http://thehackernews.com/2012/09/operation-aurora-other-zero-day-attacks.html
Type Confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
This vulnerability has been exploited in the wild as part of the "World Uyghur Congress Invitation.doc" e-mail attack.
Software: Adobe Flash Player
Known/famous malware:
TROJ_SCRIPBRID.A; backdoor BKDR_INJECT.EVL.
Links:
https://www.adobe.com/support/security/bulletins/apsb12-09.html
http://contagiodump.blogspot.com/2012/05/may-3-cve-2012-0779-world-uyghur.html
https://www.symantec.com/connect/blogs/targeted-attacks-using-confusion-cve-2012-0779
http://blog.trendmicro.com/trendlabs-security-intelligence/recent-threats-highlight-vulnerabilities-...
https://krebsonsecurity.com/2012/05/critical-flash-update-fixes-zero-day-flaw/
https://www.alienvault.com/blogs/labs-research/several-targeted-attacks-exploiting-adobe-flash-playe...
https://blogs.technet.microsoft.com/mmpc/2012/05/24/a-technical-analysis-of-adobe-flash-player-cve-2...
http://blog.shadowserver.org/2012/05/15/cyber-espionage-strategic-web-compromises-trusted-websites-s...
https://www.reddit.com/r/netsec/comments/ta12k/several_targeted_attacks_exploiting_adobe_flash/
http://thehackernews.com/2012/09/operation-aurora-other-zero-day-attacks.html
http://www.securityweek.com/adobe-patches-zero-day-vulnerability-used-targeted-attacks
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=25718
Cross-site scripting
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability was used to target Webmail accounts.
Software: Adobe Flash Player
Links:
https://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.html
http://www.adobe.com/support/security/bulletins/apsb12-03.html
https://blog.fortinet.com/2012/02/17/fortinet-researchers-detect-eight-critical-adobe-flaws
https://www.cnet.com/forums/discussions/security-update-available-for-adobe-flash-player-apsb12-03-5...
http://www.zdnet.com/article/adobe-flash-player-xss-flaw-under-active-attack/
http://www.darkreading.com/attacks-breaches/flash-zero-day-used-in-targeted-email-attacks/d/d-id/113...
http://cert.europa.eu/static/SecurityAdvisories/CERT-EU-SA2012-0019.txt
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
Software: Adobe Reader
Known/famous malware:
EvilBunny
Links:
http://www.adobe.com/support/security/bulletins/apsb11-30.html
http://www.adobe.com/support/security/bulletins/apsb12-01.html
http://blog.9bplus.com/analyzing-cve-2011-4369-part-one/
https://www.redhat.com/archives/rhsa-announce/2012-January/msg00003.html
http://www.computerworld.com/article/2499997/security0/symantec-confirms-reader-exploits-targeted-de...
http://www.pcworld.com/article/246390/adobe_patches_two_actively_exploited_vulnerabilities_in_reader...
http://technology.ky.gov/COT%20Alerts/Adobe%20Remote%20Code%20Execution%20Vulnerabilities.pdf
http://www.theregister.co.uk/2011/12/17/adobe_reader_critical_update/
http://www.infosecurity-magazine.com/news/adobe-patches-critical-security-holes-in-reader/
http://www.hawaii.edu/technews/notice.php?id=187891
https://msisac.cisecurity.org/advisories/2011/2011-072b.cfm
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
This 0-day vulnerability was discovered by Lockheed Martin’s Computer Incident Response Team and was found to be part of a targeted attack. The sample of the exploit analyzed by the researchers appears to come from Barclay’s bank in New York City.
Software: Adobe Reader
Known/famous malware:
Trojan Sykipot.
Links:
http://www.adobe.com/support/security/advisories/apsa11-04.html
https://www.adobe.com/support/security/bulletins/apsb11-30.html
http://contagiodump.blogspot.com/2011/12/adobe-zero-day-cve-2011-2462.html
https://securingtomorrow.mcafee.com/mcafee-labs/inside-adobe-reader-zero-day-exploit-cve-2011-2462/
https://eternal-todo.com/blog/cve-2011-2462-exploit-analysis-peepdf
http://www.trendmicro.com/vinfo/us/threat-encyclopedia/vulnerability/2366/vulnerability-in-u3d-compo...
http://blog.9bplus.com/analyzing-cve-2011-2462/
https://blogs.forcepoint.com/security-labs/adobe-reader-and-acrobat-vulnerability-cve-2011-2462
https://www.totaldefense.com/security-blog/new-zero-day-attack-in-adobe-products-cve-2011-2462
http://www.threatgeek.com/2011/12/adobe-reader-0-day-notes-cve-2011-2462.html
https://vulners.com/metasploit/MSF:EXPLOIT/WINDOWS/FILEFORMAT/ADOBE_READER_U3D
https://www.fireeye.com/blog/threat-research/2013/02/threat-actors-mandiant-apt1-report-spear-phishi...
https://nakedsecurity.sophos.com/2011/12/10/targeted-emails-exploit-new-acrobat-reader-vulnerability...
https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=398
http://securityresponse.symantec.com/threatreport/topic.jsp?id=vulnerability_trends&aid=notable_zero...
http://www.securityweek.com/adobe-warns-critical-zero-day-vulnerability-reader-and-acrobat-products
Cross-site scripting
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user input passed via a crafted URL. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user’s browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Note: the vulnerability was being actively exploited in click-jacking campaigns.
Reported by Huzaifa S. Sidhpurwala.
That vulnerability shares some traits with an earlier Flash flaw that was used to target Gmail accounts in June.
Software: Adobe Flash Player
Links:
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_20.html
http://www.adobe.com/support/security/bulletins/apsb11-26.html
http://www.techcentral.ie/adobe-patches-critical-flash-bug/
http://energy.gov/cio/articles/t-723adobe-flash-player-multiple-bugs-let-remote-users-obtain-informa...
http://www.macworld.co.uk/news/mac-software/adobe-patches-flash-bug-hackers-are-already-exploiting-3...
http://www.infosecisland.com/blogview/16669-Adobe-Issues-Patch-for-Flash-Zero-Day-Vulnerability.html
http://www.simmtester.com/page/news/shownews.asp?num=14190
http://blogs.utpa.edu/infosecurity/2011/09/23/cross-site-scripting-xss-vulnerability-in-adobe-flash-...
http://blog.trendmicro.com/trendlabs-security-intelligence/adobe-releases-out-of-band-patch/
https://www.intego.com/mac-security-blog/zero-day-flash-vulnerability-prompts-rushed-update/
http://www.its.ms.gov/Services/SecurityAlerts/2011_9_21-Multiple-Vulnerabilities-in-Adobe-Flash-Play...
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
This is the same vulnerability that was used for attacks against Korean-based organizations.
The vulnerability was exploited to compromise legitimate websites (including an Indian government site, a US airport site, and an aerospace site).
Software: Adobe Flash Player
Links:
http://www.adobe.com/support/security/bulletins/apsb11-18.html
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=24336
https://www.zscaler.com/blogs/research/patching-flash-cve-2011-2110-post-mortem
http://zscaler-research.blogspot.com/2011/06/oh-flash-cve-2011-2110-0-day.html
https://www.rapid7.com/db/modules/exploit/windows/browser/adobe_flashplayer_arrayindexing
http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20110617
https://blogs.technet.microsoft.com/mmpc/2011/07/01/a-technical-analysis-on-the-exploit-for-cve-2011...
http://www.infoworld.com/article/2621840/patch-management/adobe-patches-second-flash-zero-day-in-9-d...
Cross-site scripting
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user input. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user’s browser in the context of the website hosting an .swf file.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Note: the vulnerability was being actively exploited.The pay for an exploit might be around $5k-$10k at the moment.
Software: Adobe Flash Player
Links:
http://www.adobe.com/support/security/bulletins/apsb11-13.html
https://googlechromereleases.blogspot.com/2011/06/stable-channel-update.html
http://support.blackberry.com/kb/articleDetail?ArticleNumber=000027240
https://devcentral.f5.com/articles/flash-player-universal-xss-vulnerability-cve-2011-2107
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=24302
http://www.macworld.co.uk/news/mac-software/adobe-flash-patched-after-zero-day-attacks-3284214/
https://devcentral.f5.com/Portals/0/Cache/Pdfs/2807/flash-player-universal-xss-vulnerability--cve-20...
http://news.softpedia.com/news/Adobe-Fixes-Actively-Exploited-Flash-Player-XSS-Flaw-204376.shtml
http://www.infoworld.com/article/2621874/hacking/hackers-exploit-flash-bug-in-new-attacks-against-gm...
http://www.eweek.com/c/a/Security/Adobe-Patches-XSS-ZeroDay-Flaw-in-Flash-Used-in-Google-Gmail-Attac...
https://www.cnet.com/au/news/adobe-issues-fix-for-flash-hole-being-used-in-attacks/
http://www.computerdealernews.com/news/adobe-flash-patched-after-zero-day-attacks/7323
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
There are reports of malware attempting to exploit this vulnerability via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment targeting the Windows platform.
Software: Adobe Flash Player
Integer Overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
According to Symantec, the first exploitation of the vulnerability was discovered on 2010-01-03.
Software: Adobe Flash Player
Known/famous malware:
Bloodhound.Exploit.412
Links:
https://www.symantec.com/security_response/vulnerability.jsp?bid=47815
https://ae.norton.com/security_response/print_writeup.jsp?docid=2011-062402-3901-99
http://www.adobe.com/support/security/bulletins/apsb11-12.html
https://novasecure.neonova.net/threats/details.cgi?id=513314
http://freecode.com/articles/red-hat-an-updated-adobe-flash-player-package-fixes-multiple-security-i...
http://support.blackberry.com/kb/articleDetail?ArticleNumber=000027365
https://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability had been used for 1 month before disclosure. The campaign started with spam emails enticing users to open an attachment, typically a Microsoft Word document (or a zip file of a Microsoft Word document), which contained the malicious Flash exploit.
Software: Adobe Flash Player
Known/famous malware:
Microsoft - Exploit:SWF/CVE-2011-0611.C, NOD32 - JS/Exploit.Pdfka.OXL.Gen, Symantec - Trojan.Pidief, Ikarus - Exploit.JS.ShellCode.
Links:
https://www.fireeye.com/blog/threat-research/2013/02/operation-beebus.html
https://secunia.com/?action=fetch&filename=Secunia_Whitepaper_CVE-2011-0611.pdf
https://support.symantec.com/en_US/article.TECH157906.html
http://www.adobe.com/support/security/advisories/apsa11-02.html
http://www.adobe.com/support/security/bulletins/apsb11-07.html
http://www.adobe.com/support/security/bulletins/apsb11-08.html
https://blogs.technet.microsoft.com/mmpc/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player...
http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html
https://blog.qualys.com/securitylabs/2011/04/15/placeholder
http://www.kahusecurity.com/2011/flash-0day-found-in-drive-by/
http://www.securitytube.net/video/1747
http://poc-hack.blogspot.com/2011/04/adobe-flash-player-cve-2011-0611-swf.html
http://securityaffairs.co/wordpress/27224/cyber-crime/kaspersky-report-energetic-bear.html
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability was used to target RSA. Two phishing emails carrying a Microsoft Excel document with the exploit were sent to two different groups of employees. The document with exploit code was named "2011 Recruitment plan.xls".
Software: Adobe Flash Player
Known/famous malware:
Exploit:SWF/CVE-2011-0609
Kaspersky Lab products detected the variants as "Trojan-Dropper.MSExcel.SWFDrop".
Links:
http://www.adobe.com/support/security/advisories/apsa11-01.html
http://www.adobe.com/support/security/bulletins/apsb11-06.html
http://www.kb.cert.org/vuls/id/192052
http://bugix-security.blogspot.com/2011/03/cve-2011-0609-adobe-flash-player.html
http://blogs.adobe.com/security/2011/03/background-on-apsa11-01-patch-schedule.html
https://cxsecurity.com/issue/WLB-2011030180
https://vimeo.com/22160459
http://m.2cto.com/Article/201104/87463.html
https://www.cnet.com/forums/discussions/security-advisory-for-adobe-flash-player-reader-acrobat-5204...
http://remove-malware-removal.com/post/How-to-Remove-SWFExploit.CVE-2011-0609.A-Instantly_14_214388....
https://vulners.com/metasploit/MSF:EXPLOIT/WINDOWS/BROWSER/ADOBE_FLASHPLAYER_AVM
https://blogs.rsa.com/anatomy-of-an-attack/
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing .swf files in Adobe Flash Player. A remote attacker can create a specially crafted .swf file, trick the victim into opening it, cause memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note: this vulnerability is being actively exploited via specially crafted .pdf files.
The vulnerability has been exploited during Sykipot campaigns and Luckycat attacks.
Software: Adobe Flash Player
Links:
http://www.adobe.com/support/security/advisories/apsa10-05.htm
http://www.adobe.com/support/security/bulletins/apsb10-28.html
http://www.adobe.com/support/security/bulletins/apsb10-26.html?sdid=XKMMHJ2P
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
https://www.google.com.ua/url?sa=t&rct=j&q=&esrc=s&source=web&cd=19&cad=rja&...
https://blogs.technet.microsoft.com/mmpc/2010/11/16/explore-the-cve-2010-3654-matryoshka/
http://www.eweek.com/c/a/Security/Adobe-Flash-Vulnerability-Advisory-Appears-Alongside-Shockwave-Pat...
http://blog.shavlik.com/new-version-of-adobe-flash-available/
https://blogs.forcepoint.com/security-labs/adobe-flash-player-adobe-reader-and-acrobat-0-day-cve-201...
http://www.rationallyparanoid.com/articles/consistently-vulnerable-systems.html
http://www.pctools.com/security-news/adobe-flash-0day-vulnerability/
https://vulners.com/metasploit/MSF:EXPLOIT/WINDOWS/FILEFORMAT/ADOBE_FLASHPLAYER_BUTTON
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing an Adobe Director file with a specific value in an "rcsL" field, which causes an array-indexing error. A remote attacker can create a specially crafted Adobe Director file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Note: this vulnerability is being actively exploited.
Software: Shockwave Player
Known/famous malware:
Win32/Exploit.CVE-2010-3653.A
Links:
http://www.adobe.com/support/security/advisories/apsa10-04.html
http://www.adobe.com/support/security/bulletins/apsb10-25.html
https://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/2010/av10-047-eng.aspx
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=24011
https://threatpost.com/attack-code-published-adobe-shockwave-zero-day-102110/74599/
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing malicious SWF files. A remote attacker can create a specially crafted .swf document, trick the victim into opening it, cause memory corruption and execute arbitrary code on the vulnerable system.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
The vulnerability was used to compromise the Amnesty Hong Kong website. It was patched in Adobe Flash Player on September 20 and in Adobe Reader and Acrobat on October 5. The vulnerability was disclosed by Mila Parkour.
Software: Adobe Flash Player
Known/famous malware:
The exploit:swf/cve-2010-2884.c
Links:
http://www.adobe.com/support/security/advisories/apsa10-03.html
http://www.adobe.com/support/security/bulletins/apsb10-22.html
http://www.adobe.com/support/security/bulletins/apsb10-21.html
https://www.nartv.org/2010/11/12/nobel-peace-prize-amnesty-hk-and-malware/
https://blogs.forcepoint.com/security-labs/second-adobe-0-day-vulnerability-just-one-week-cve-2010-2...
https://security.googleblog.com/2010/09/stay-safe-while-browsing.html
http://www.beyondsecurity.com/scan_pentest_network_vulnerabilities_flash_player_unspecified_code_exe...
http://news.softpedia.com/news/Actively-Exploited-Flash-Player-Vulnerability-Patched-in-Chrome-15696...
http://news.softpedia.com/news/Flash-Zero-Day-Actively-Exploited-in-the-Wild-156238.shtml
Stack-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when handling specially crafted fonts within a PDF document. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause a stack-based buffer overflow and execute arbitrary code on the vulnerable system.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Note: this vulnerability is being actively exploited.
According to Symantec the first exploitation of the vulnerability was detected on 2008-12-14.
Software: Adobe Reader
Known/famous malware:
Exploit:Win32/CVE-2010-2883.A
Trojan horse Exploit_c.JLU (AVG)
Exploit.PDF.1533 (Dr.Web)
Exploit.PDF-JS.Gen (Sunbelt Software)
Bloodhound.Exploit.357 (Symantec).
Links:
http://www.adobe.com/support/security/bulletins/apsb10-21.html
http://www.adobe.com/support/security/advisories/apsa10-02.html
https://blogs.forcepoint.com/security-labs/adobe-reader-0-day-vulnerability-cve-2010-2883
/Adobe+SING+table+parsing+exploit+CVE20102883+in+the+wild/9541/
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=23889
https://pentestn00b.wordpress.com/2010/09/15/new-adobe-0day-cve-2010-2883/
http://developers-club.com/posts/104137/
https://nakedsecurity.sophos.com/2010/09/08/adobe-advises-reader-acrobat-vulnerability/
https://forum.kaspersky.com/index.php?showtopic=184980
https://quequero.org/2014/09/pdf-analysis-of-nuclear-pack-ek-and-cve-2010-0188-cve-2013-2883/
https://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf
Integer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
Note: this vulnerability is being actively exploited in the wild.
The vulnerability was presented by the researcher Charlie Miller at the Black Hat USA 2010 security conference on July 25 in Las Vegas.
Adobe credits Google security engineer Tavis Ormandy with its discovery. Apparently this is one of the relatively rare cases where two security researchers discover the same vulnerability independently of each other. In this case Mr. Ormandy reported it to Adobe first and in private.
According to Symantec the first exploitation of the vulnerability was discovered on 2009-03-05.
Software: Adobe Reader
Known/famous malware:
Exploit: Bloodhound.Exploit.353
Links:
http://www.adobe.com/support/security/bulletins/apsb10-17.html
https://threatpost.com/demo-cve-2010-2862-adobe-reader-flaw-exploit-090210/74418/
http://www.zdnet.com/article/adobe-confirms-pdf-security-hole-in-reader/
https://www.suse.com/fr-fr/security/cve/CVE-2010-2862
https://www.cnet.com/forums/discussions/out-of-band-security-updates-for-adobe-reader-and-acrobat-40...
http://news.softpedia.com/news/Out-of-Band-Critical-Security-Updates-for-Reader-and-Acrobat-Released...
http://www.itprofessionalservices.net/ARPatch1017.shtml
http://securitygarden.blogspot.com/2010/08/adobe-reader-and-acrobat-critical.html
http://www.zdnet.com/article/adobe-readies-emergency-fix-for-critical-pdf-reader-security-hole/
https://www.youtube.com/watch?v=4OL8Kwz5b6Y
http://blog.shavlik.com/new-adobe-security-advisory-released/
https://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/2010/av10-033-eng.aspx
http://beqiraj.de/post/Adobe-Reader-and-Acrobat-8-2-4-update-available
http://www.planetpdf.com/enterprise/article.asp?ContentID=Adobe_releases_patch_for_Reader_and_Acroba...
http://www.bleepingcomputer.com/forums/t/340741/adobe-reader-out-of-band-security-updates-on-august-...
http://www.itproportal.com/2010/08/06/adobe-prepares-patch-zero-day-pdf-flaw/
http://www.theregister.co.uk/2010/08/05/emergency_adobe_reader_patch/
http://www.pcworld.com/article/203692/patch_critical_security_flaws_in_adobe_reader_and_acrobat.html
https://community.landesk.com/docs/DOC-14222
http://windowssecrets.com/forums/showthread.php/131549-Patch-Watch-update-Critical-Adobe-Reader-patc...
http://www.divinge.com/news/Adobe-readies-emergency-fix-for-critical-PDF-Reader-security-hole/
https://fe-ddis.dk/cfcs/CFCSDocuments/Zeroday.pdf
https://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf
Heap-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing .swf files. A remote attacker can create a specially crafted .swf file, trick the victim into opening it, cause heap-based buffer overflow and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Note: this vulnerability is being actively exploited.
The vulnerability is called "endless zero-day".
The vulnerability was exploited in the Taidoor campaign, which primarily targeted government organizations located in Taiwan.
Software: Adobe Flash Player
Known/famous malware:
Trojan.Pidief.J
Links:
http://www.adobe.com/support/security/advisories/apsa10-01.html
http://www.adobe.com/support/security/bulletins/apsb10-15.html
https://www.symantec.com/connect/blogs/analysis-zero-day-exploit-adobe-flash-and-reader
https://www.symantec.com/connect/blogs/zero-day-attack-wild-adobe-flash-reader-and-acrobat
https://success.trendmicro.com/solution/1055909
https://nakedsecurity.sophos.com/2010/06/08/mitigations-flash-vulnerability-cve20101297/
https://access.redhat.com/security/cve/cve-2010-1297
http://stopmalvertising.com/malware-reports/analysis-of-budget.pdf-exploit.swf.cve-2010-1297.a.html
http://seclists.org/metasploit/2010/q2/416
https://blogs.forcepoint.com/security-labs/adobe-0-day-vulnerability-flash-adobe-reader-and-acrobat-...
https://www.greyhathacker.net/?p=201
http://www.topitvideos.com/adobe-cve-2010-1297-pdf-exploit-demonstation/
http://developers-club.com/posts/96879/
https://blogs.forcepoint.com/security-labs/month-threat-webscape-june-2010
http://calhoun.nps.edu/bitstream/handle/10945/5016/10Dec_Post.pdf?sequence=1
http://www.pandasecurity.com/mediacenter/security/cloud-av-free-blocks-adobe-0-day/
Heap-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the custom heap management system in Adobe Reader and Acrobat. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note: this vulnerability is being actively exploited in the wild.
According to Symantec the first exploitation of the vulnerability was discovered on 2008-11-29.
Software: Adobe Reader
Known/famous malware:
Bloodhound.Exploit.293
Improper validation of array index
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
Note: this vulnerability is being actively exploited.
The vulnerability was used in spear-phishing attacks in December 2009.
Software: Adobe Reader
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
Software: Adobe Reader
Known/famous malware:
Trojan.Pidief.H
Links:
http://www.adobe.com/support/security/advisories/apsa09-07.html
http://www.adobe.com/support/security/bulletins/apsb10-02.html
https://www.symantec.com/connect/blogs/zero-day-xmas-present
https://www.symantec.com/security_response/writeup.jsp?docid=2009-121511-4614-99
http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214
http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.html
http://blogs.adobe.com/psirt/?p=74
https://isc.sans.edu/diary/Sophisticated%2C+targeted+malicious+PDF+documents+exploiting+CVE-2009-432...
http://www.welivesecurity.com/2010/01/04/adobe-javascript-and-the-cve-2009-4324-exploit/
http://temer...
http://www.bitdefender.com/news/critical-zero-day-exploits-hit-internet-explorer-and-adobe-reader-12...
https://www.decalage.info/exefilter_pdf_exploits
https://fe-ddis.dk/cfcs/CFCSDocuments/Zeroday.pdf
https://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf
http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-zero-day-vulnerability-again/
Heap-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
Software: Adobe Reader
Known/famous malware:
PDF/Exploit.CVE-2009-3459.A
Links:
http://www.adobe.com/support/security/bulletins/apsb09-15.html
https://isc.sans.edu/diary/New+Adobe+Vulnerability+Exploited+in+Targeted+Attacks/7300
http://www.enigmasoftware.com/adobe-reader-vulnerability-cve-2009-3459-allows-hackers-insert-backdoo...
https://vulners.com/metasploit/MSF:EXPLOIT/WINDOWS/BROWSER/ADOBE_FLATEDECODE_PREDICTOR02
http://temerc.com/forums/viewtopic.php?t=7821
http://www.rationallyparanoid.com/articles/emet-testing.html
https://media.blackhat.com/bh-eu-10/presentations/Li_Lovet/BlackHat-EU-2010-Li-Lovet-Adobe-Heap-slid...
https://blog.didierstevens.com/2009/10/13/update-pdfid-version-0-0-9-to-detect-another-adobe-0day/
http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-zero-day-exploit/
https://blog.fortinet.com/2009/10/19/on-the-recent-pdf-exploit
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
Software: Adobe Flash Player
Known/famous malware:
Trojan.Pidief.G
Troj/SWFExp-M
Troj/SWFExp-N
Links:
http://www.adobe.com/support/security/advisories/apsa09-03.html
http://www.adobe.com/support/security/bulletins/apsb09-10.html
https://www.symantec.com/security_response/writeup.jsp?docid=2009-072209-2512-99
https://www.symantec.com/connect/blogs/next-generation-flash-vulnerability
https://www.cnet.com/news/adobe-investigating-zero-day-bug-in-flash/
https://isc.sans.edu/diary/YA0D+%28Yet+Another+0-Day%29+in+Adobe+Flash+player/6847
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
http://www.nobunkum.ru/analytics/en-flash
http://idp.cyberoam.com/signatures/2090727071.html
Stack-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability was first fixed in the Adobe Reader 8.x branch, leaving Adobe Reader 9.x vulnerable. It is unclear whether this vulnerability was exploited before Adobe issued the patch for Adobe Reader 8.x.
According to Symantec, active exploitation of this vulnerability was spotted on April 6, 2009.
According to a Trustwave report, this vulnerability was exploited in targeted attacks as a zero-day exploit targeting the aviation defense industry. Given the confusion regarding exploitation, we have decided to treat this vulnerability as a zero-day.
Software: Adobe Reader
Known/famous malware:
TROJ_PIDIEF.OE
Links:
http://www.adobe.com/support/security/bulletins/apsb09-04.html
http://blog.trendmicro.com/trendlabs-security-intelligence/adobe-acrobatreader-geticon-vuln-exploit-...
https://www.trustwave.com/Resources/Library/Documents/2013-Trustwave-Global-Security-Report/?dl=1
http://www.ehackingnews.com/2012/09/pdf-exploits-targets-defense-industry.html
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
According to Symantec, the first exploitation of the vulnerability was discovered on 2008-09-02.
Software: Adobe Reader
Known/famous malware:
Trojan.Pidief.E
Links:
http://www.adobe.com/support/security/advisories/apsa09-01.html
http://www.adobe.com/support/security/bulletins/apsb09-04.html
https://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99&tabid=2
http://www.kb.cert.org/vuls/id/905281
https://isc.sans.edu/diary/AdobeAcrobat+0-day+in+the+wild%3F/59...
http://blog.talosintel.com/2009/02/homebrew-patch-for-adobe-acroreader-9.html
https://www.secureworks.com/blog/research-20947
http://blog.securityactive.co.uk/2009/02/23/adobe-reader-and-acrobat-buffer-overflow-cve-2009-0658/
https://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf
Code injection
The vulnerability allows a remote attacker to hijack the clipboard on the target system.
Software: Adobe Flash Player
Stack-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vendor was notified of this vulnerability on 10/10/2007; however, the patch was issued only 7 months later.
Software: Adobe Reader
Known/famous malware:
Exploit kits: Impact, Incognito, Phoenix, Siberia, Styx.
Links:
https://www.adobe.com/support/security/bulletins/apsb08-13.html
http://www.adobe.com/support/security/advisories/apsa08-01.html
https://www.symantec.com/security_response/writeup.jsp?docid=2009-121708-1022-99
https://zeltser.com/pdf-stream-dumper-malicious-file-analysis/
http://infosec-summit.issa-balt.org/assets/Presentations/Jeremy_Conway_-_A_Look_Inside_the_PDF_Attac...