Zero-day vulnerabilities discovered: 8
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing .swf files in Adobe Flash Player. A remote attacker can create a specially crafted .swf file, trick the victim into opening it, cause memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note: this vulnerability is being actively exploited via specially crafted .pdf files.
The vulnerability has been exploited during Sykipot campaigns and Luckycat attacks.
Software: Adobe Flash Player
Links:
http://www.adobe.com/support/security/advisories/apsa10-05.htm
http://www.adobe.com/support/security/bulletins/apsb10-28.html
http://www.adobe.com/support/security/bulletins/apsb10-26.html?sdid=XKMMHJ2P
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
https://www.google.com.ua/url?sa=t&rct=j&q=&esrc=s&source=web&cd=19&cad=rja&...
https://blogs.technet.microsoft.com/mmpc/2010/11/16/explore-the-cve-2010-3654-matryoshka/
http://www.eweek.com/c/a/Security/Adobe-Flash-Vulnerability-Advisory-Appears-Alongside-Shockwave-Pat...
http://blog.shavlik.com/new-version-of-adobe-flash-available/
https://blogs.forcepoint.com/security-labs/adobe-flash-player-adobe-reader-and-acrobat-0-day-cve-201...
http://www.rationallyparanoid.com/articles/consistently-vulnerable-systems.html
http://www.pctools.com/security-news/adobe-flash-0day-vulnerability/
https://vulners.com/metasploit/MSF:EXPLOIT/WINDOWS/FILEFORMAT/ADOBE_FLASHPLAYER_BUTTON
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing an Adobe Director file with a specific value in an "rcsL" field, which causes an array-indexing error. A remote attacker can create a specially crafted Adobe Director file, trick the victim into opening it, cause memory corruption and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability results in compromise of the vulnerable system.
Note: this vulnerability is being actively exploited.
Software: Shockwave Player
Known/famous malware:
Win32/Exploit.CVE-2010-3653.A
Links:
http://www.adobe.com/support/security/advisories/apsa10-04.html
http://www.adobe.com/support/security/bulletins/apsb10-25.html
https://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/2010/av10-047-eng.aspx
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=24011
https://threatpost.com/attack-code-published-adobe-shockwave-zero-day-102110/74599/
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing malicious SWF files. A remote attacker can create a specially crafted .swf document, trick the victim into opening it, cause memory corruption and execute arbitrary code on the vulnerable system.
Successful exploitation of the vulnerability results in compromise of the vulnerable system.
The vulnerability was used to compromise the Amnesty Hong Kong website. It was patched in Adobe Flash Player on September 20 and in Adobe Reader and Acrobat on October 5. The vulnerability was disclosed by Mila Parkour.
Software: Adobe Flash Player
Known/famous malware:
The exploit:swf/cve-2010-2884.c
Links:
http://www.adobe.com/support/security/advisories/apsa10-03.html
http://www.adobe.com/support/security/bulletins/apsb10-22.html
http://www.adobe.com/support/security/bulletins/apsb10-21.html
https://www.nartv.org/2010/11/12/nobel-peace-prize-amnesty-hk-and-malware/
https://blogs.forcepoint.com/security-labs/second-adobe-0-day-vulnerability-just-one-week-cve-2010-2...
https://security.googleblog.com/2010/09/stay-safe-while-browsing.html
http://www.beyondsecurity.com/scan_pentest_network_vulnerabilities_flash_player_unspecified_code_exe...
http://news.softpedia.com/news/Actively-Exploited-Flash-Player-Vulnerability-Patched-in-Chrome-15696...
http://news.softpedia.com/news/Flash-Zero-Day-Actively-Exploited-in-the-Wild-156238.shtml
Stack-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when handling specially crafted fonts within a PDF document. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause a stack-based buffer overflow and execute arbitrary code on the vulnerable system.
Successful exploitation of the vulnerability results in compromise of the vulnerable system.
Note: this vulnerability is being actively exploited.
According to Symantec the first exploitation of the vulnerability was detected on 2008-12-14.
Software: Adobe Reader
Known/famous malware:
Exploit:Win32/CVE-2010-2883.A
Trojan horse Exploit_c.JLU (AVG)
Exploit.PDF.1533 (Dr.Web)
Exploit.PDF-JS.Gen (Sunbelt Software)
Bloodhound.Exploit.357 (Symantec).
Links:
http://www.adobe.com/support/security/bulletins/apsb10-21.html
http://www.adobe.com/support/security/advisories/apsa10-02.html
https://blogs.forcepoint.com/security-labs/adobe-reader-0-day-vulnerability-cve-2010-2883
/Adobe+SING+table+parsing+exploit+CVE20102883+in+the+wild/9541/
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=23889
https://pentestn00b.wordpress.com/2010/09/15/new-adobe-0day-cve-2010-2883/
http://developers-club.com/posts/104137/
https://nakedsecurity.sophos.com/2010/09/08/adobe-advises-reader-acrobat-vulnerability/
https://forum.kaspersky.com/index.php?showtopic=184980
https://quequero.org/2014/09/pdf-analysis-of-nuclear-pack-ek-and-cve-2010-0188-cve-2013-2883/
https://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf
Integer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
Note: this vulnerability is being actively exploited in the wild.
The vulnerability was presented by the researcher Charlie Miller at the Black Hat USA 2010 security conference on July 25 in Las Vegas.
Adobe credits Google security engineer Tavis Ormandy with its discovery. Apparently this is one of the relatively rare cases where two security researchers discover the same vulnerability independently of each other. In this case Mr. Ormandy reported it to Adobe first and in private.
According to Symantec the first exploitation of the vulnerability was discovered on 2009-03-05.
Software: Adobe Reader
Known/famous malware:
Exploit: Bloodhound.Exploit.353
Links:
http://www.adobe.com/support/security/bulletins/apsb10-17.html
https://threatpost.com/demo-cve-2010-2862-adobe-reader-flaw-exploit-090210/74418/
http://www.zdnet.com/article/adobe-confirms-pdf-security-hole-in-reader/
https://www.suse.com/fr-fr/security/cve/CVE-2010-2862
https://www.cnet.com/forums/discussions/out-of-band-security-updates-for-adobe-reader-and-acrobat-40...
http://news.softpedia.com/news/Out-of-Band-Critical-Security-Updates-for-Reader-and-Acrobat-Released...
http://www.itprofessionalservices.net/ARPatch1017.shtml
http://securitygarden.blogspot.com/2010/08/adobe-reader-and-acrobat-critical.html
http://www.zdnet.com/article/adobe-readies-emergency-fix-for-critical-pdf-reader-security-hole/
https://www.youtube.com/watch?v=4OL8Kwz5b6Y
http://blog.shavlik.com/new-adobe-security-advisory-released/
https://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/2010/av10-033-eng.aspx
http://beqiraj.de/post/Adobe-Reader-and-Acrobat-8-2-4-update-available
http://www.planetpdf.com/enterprise/article.asp?ContentID=Adobe_releases_patch_for_Reader_and_Acroba...
http://www.bleepingcomputer.com/forums/t/340741/adobe-reader-out-of-band-security-updates-on-august-...
http://www.itproportal.com/2010/08/06/adobe-prepares-patch-zero-day-pdf-flaw/
http://www.theregister.co.uk/2010/08/05/emergency_adobe_reader_patch/
http://www.pcworld.com/article/203692/patch_critical_security_flaws_in_adobe_reader_and_acrobat.html
https://community.landesk.com/docs/DOC-14222
http://windowssecrets.com/forums/showthread.php/131549-Patch-Watch-update-Critical-Adobe-Reader-patc...
http://www.divinge.com/news/Adobe-readies-emergency-fix-for-critical-PDF-Reader-security-hole/
https://fe-ddis.dk/cfcs/CFCSDocuments/Zeroday.pdf
https://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf
Heap-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing .swf files. A remote attacker can create a specially crafted .swf file, trick the victim into opening it, cause a heap-based buffer overflow and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability results in compromise of the vulnerable system.
Note: this vulnerability is being actively exploited.
The vulnerability is called "endless zero-day".
The vulnerability was exploited in the Taidoor campaign, which primarily targeted government organizations located in Taiwan.
Software: Adobe Flash Player
Known/famous malware:
Trojan.Pidief.J
Links:
http://www.adobe.com/support/security/advisories/apsa10-01.html
http://www.adobe.com/support/security/bulletins/apsb10-15.html
https://www.symantec.com/connect/blogs/analysis-zero-day-exploit-adobe-flash-and-reader
https://www.symantec.com/connect/blogs/zero-day-attack-wild-adobe-flash-reader-and-acrobat
https://success.trendmicro.com/solution/1055909
https://nakedsecurity.sophos.com/2010/06/08/mitigations-flash-vulnerability-cve20101297/
https://access.redhat.com/security/cve/cve-2010-1297
http://stopmalvertising.com/malware-reports/analysis-of-budget.pdf-exploit.swf.cve-2010-1297.a.html
http://seclists.org/metasploit/2010/q2/416
https://blogs.forcepoint.com/security-labs/adobe-0-day-vulnerability-flash-adobe-reader-and-acrobat-...
https://www.greyhathacker.net/?p=201
http://www.topitvideos.com/adobe-cve-2010-1297-pdf-exploit-demonstation/
http://developers-club.com/posts/96879/
https://blogs.forcepoint.com/security-labs/month-threat-webscape-june-2010
http://calhoun.nps.edu/bitstream/handle/10945/5016/10Dec_Post.pdf?sequence=1
http://www.pandasecurity.com/mediacenter/security/cloud-av-free-blocks-adobe-0-day/
Heap-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the custom heap management system in Adobe Reader and Acrobat. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Note: this vulnerability is being actively exploited in the wild.
According to Symantec the first exploitation of the vulnerability was discovered on 2008-11-29.
Software: Adobe Reader
Known/famous malware:
Bloodhound.Exploit.293
Improper validation of array index
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
Note: this vulnerability is being actively exploited.
The vulnerability was used in spear-phishing attacks in December 2009.
Software: Adobe Reader