Zero-day Vulnerability Database

Change view

Zero-day vulnerabilities discovered: 9

Remote code execution in Adobe Acrobat and Adobe Reader
CVE-2011-4369

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the PRC component. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

Software: Adobe Reader

Known/fameous malware:

EvilBunny

Remote code execution in Adobe Acrobat and Adobe Reader
​CVE-2011-2462

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling Universal 3D (U3D) data. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.
i

This 0-day vulnerability was discovered by Lockheed Martin’s Computer Incident Response Team and was found that it is part of a targeted attack. The sample of the exploit analyzed by the researchers appears to come from Barclay’s bank in New York City.

Software: Adobe Reader

Known/fameous malware:

Trojan Sykipot.

This 0-day vulnerability was discovered by Lockheed Martin’s Computer Incident Response Team and was found that it is part of a targeted attack. The sample of the exploit analyzed by the researchers appears to come from Barclay’s bank in New York City.

Multiple vulnerabilities in Adobe Flash Player
CVE-2011-2444

Cross-site scripting

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-input passed via a crafted URL. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user’s browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Note: the vulnerability was being actively exploited in click-jacking campaigns.

i

Reported by Huzaifa S. Sidhpurwala.
That vulnerability shares some traits with an earlier Flash flaw that was used to target Gmail accounts in June.

Software: Adobe Flash Player

Reported by Huzaifa S. Sidhpurwala.
That vulnerability shares some traits with an earlier Flash flaw that was used to target Gmail accounts in June.

Remote code execution in Adobe Flash Player
CVE-2011-2110

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an array indexing error in the ActionScript3 AVM2 verification logic. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.
i

This is the same vulnerability that was used for attacks against Korean based organizations.
The vulnerability wasd exploited to compromise legitimate websites (including an Indian government site, a US airport site, and an aerospace site).

Software: Adobe Flash Player

This is the same vulnerability that was used for attacks against Korean based organizations.
The vulnerability wasd exploited to compromise legitimate websites (including an Indian government site, a US airport site, and an aerospace site).

Cross-site scripting in Adobe Flash Player
CVE-2011-2107

Cross-site scripting

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-input. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user’s browser in context of website hosting an .swf file.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Note: the vulnerability was being actively exploited.
i

The pay for an exploit might be around $5k-$10k at the moment.

Software: Adobe Flash Player

The pay for an exploit might be around $5k-$10k at the moment.

Multiple vulnerabilities in Adobe Flash Player
CVE-2011-0627

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the Flash Player authplay.dll component. A remote attacker can create a specially crafted Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: this vulnerability is being actively exploited.
i

There are reports of malware attempting to exploit this vulnerability via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment targeting the Windows platform.

Software: Adobe Flash Player

There are reports of malware attempting to exploit this vulnerability via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment targeting the Windows platform.

Multiple vulnerabilities in Adobe Flash Player
CVE-2011-0618

Integer Overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to integer overflow. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.
i

According to Symantec the first exploitation of the vulnerability was discovered on 2010-01-03.

Software: Adobe Flash Player

Known/fameous malware:

Bloodhound.Exploit.412

According to Symantec the first exploitation of the vulnerability was discovered on 2010-01-03.

Remote code execution in Adobe Flash Player
CVE-2011-0611

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in authplay.dll component. A remote attacker can create a specially Flash (.swf) file embedded in a Microsoft Word (.doc) file, trick the victim into opening it, trigger memory corruption, and execute arbitrary code on the system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.
i

The vulnerability has being used during 1 month before disclosure. The campaign started with spam emails enticing users to open its attachment, typically a Microsoft Word document (or a zip file of a Microsoft Word document), which contained inside the malicious Flash exploit.

Software: Adobe Flash Player

Known/fameous malware:

Microsoft - Exploit:SWF/CVE-2011-0611.C, NOD32 - JS/Exploit.Pdfka.OXL.Gen, Symantec - Trojan.Pidief, Ikarus - Exploit.JS.ShellCode.

The vulnerability has being used during 1 month before disclosure. The campaign started with spam emails enticing users to open its attachment, typically a Microsoft Word document (or a zip file of a Microsoft Word document), which contained inside the malicious Flash exploit.

Remote code execution Adobe Flash Player
CVE-2011-0609

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in authplay.dll component. A remote attacker can create a specially Flash (.swf) file embedded in a Microsoft Excel (.xls) file, trick the victim into opening it, trigger memory corruption, and execute arbitrary code on the system with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.
i

The vulnerability was used o target RSA. Two phishing emails with Microsoft Excel document with exploit were sent to two different groups of employees. The document with exploit code was named "2011 Recruitment plan.xls".

Software: Adobe Flash Player

Known/fameous malware:

Exploit:SWF/CVE-2011-0609
Kaspersky Lab products detected the variants as “Trojan-ropper.MSExcel.SWFDrop”.

The vulnerability was used o target RSA. Two phishing emails with Microsoft Excel document with exploit were sent to two different groups of employees. The document with exploit code was named "2011 Recruitment plan.xls".