Zero-day vulnerabilities discovered: 9
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
Software: Adobe Reader
Known/famous malware:
EvilBunny
Links:
http://www.adobe.com/support/security/bulletins/apsb11-30.html
http://www.adobe.com/support/security/bulletins/apsb12-01.html
http://blog.9bplus.com/analyzing-cve-2011-4369-part-one/
https://www.redhat.com/archives/rhsa-announce/2012-January/msg00003.html
http://www.computerworld.com/article/2499997/security0/symantec-confirms-reader-exploits-targeted-de...
http://www.pcworld.com/article/246390/adobe_patches_two_actively_exploited_vulnerabilities_in_reader...
http://technology.ky.gov/COT%20Alerts/Adobe%20Remote%20Code%20Execution%20Vulnerabilities.pdf
http://www.theregister.co.uk/2011/12/17/adobe_reader_critical_update/
http://www.infosecurity-magazine.com/news/adobe-patches-critical-security-holes-in-reader/
http://www.hawaii.edu/technews/notice.php?id=187891
https://msisac.cisecurity.org/advisories/2011/2011-072b.cfm
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
This 0-day vulnerability was discovered by Lockheed Martin’s Computer Incident Response Team and was found to be part of a targeted attack. The sample of the exploit analyzed by the researchers appears to come from Barclay’s bank in New York City.
Software: Adobe Reader
Known/famous malware:
Trojan Sykipot.
Links:
http://www.adobe.com/support/security/advisories/apsa11-04.html
https://www.adobe.com/support/security/bulletins/apsb11-30.html
http://contagiodump.blogspot.com/2011/12/adobe-zero-day-cve-2011-2462.html
https://securingtomorrow.mcafee.com/mcafee-labs/inside-adobe-reader-zero-day-exploit-cve-2011-2462/
https://eternal-todo.com/blog/cve-2011-2462-exploit-analysis-peepdf
http://www.trendmicro.com/vinfo/us/threat-encyclopedia/vulnerability/2366/vulnerability-in-u3d-compo...
http://blog.9bplus.com/analyzing-cve-2011-2462/
https://blogs.forcepoint.com/security-labs/adobe-reader-and-acrobat-vulnerability-cve-2011-2462
https://www.totaldefense.com/security-blog/new-zero-day-attack-in-adobe-products-cve-2011-2462
http://www.threatgeek.com/2011/12/adobe-reader-0-day-notes-cve-2011-2462.html
https://vulners.com/metasploit/MSF:EXPLOIT/WINDOWS/FILEFORMAT/ADOBE_READER_U3D
https://www.fireeye.com/blog/threat-research/2013/02/threat-actors-mandiant-apt1-report-spear-phishi...
https://nakedsecurity.sophos.com/2011/12/10/targeted-emails-exploit-new-acrobat-reader-vulnerability...
https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=398
http://securityresponse.symantec.com/threatreport/topic.jsp?id=vulnerability_trends&aid=notable_zero...
http://www.securityweek.com/adobe-warns-critical-zero-day-vulnerability-reader-and-acrobat-products
Cross-site scripting
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user input passed via a crafted URL. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user’s browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
Note: the vulnerability was being actively exploited in click-jacking campaigns.
Reported by Huzaifa S. Sidhpurwala.
That vulnerability shares some traits with an earlier Flash flaw that was used to target Gmail accounts in June.
Software: Adobe Flash Player
Links:
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_20.html
http://www.adobe.com/support/security/bulletins/apsb11-26.html
http://www.techcentral.ie/adobe-patches-critical-flash-bug/
http://energy.gov/cio/articles/t-723adobe-flash-player-multiple-bugs-let-remote-users-obtain-informa...
http://www.macworld.co.uk/news/mac-software/adobe-patches-flash-bug-hackers-are-already-exploiting-3...
http://www.infosecisland.com/blogview/16669-Adobe-Issues-Patch-for-Flash-Zero-Day-Vulnerability.html
http://www.simmtester.com/page/news/shownews.asp?num=14190
http://blogs.utpa.edu/infosecurity/2011/09/23/cross-site-scripting-xss-vulnerability-in-adobe-flash-...
http://blog.trendmicro.com/trendlabs-security-intelligence/adobe-releases-out-of-band-patch/
https://www.intego.com/mac-security-blog/zero-day-flash-vulnerability-prompts-rushed-update/
http://www.its.ms.gov/Services/SecurityAlerts/2011_9_21-Multiple-Vulnerabilities-in-Adobe-Flash-Play...
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
This is the same vulnerability that was used for attacks against Korean-based organizations.
The vulnerability was exploited to compromise legitimate websites (including an Indian government site, a US airport site, and an aerospace site).
Software: Adobe Flash Player
Links:
http://www.adobe.com/support/security/bulletins/apsb11-18.html
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=24336
https://www.zscaler.com/blogs/research/patching-flash-cve-2011-2110-post-mortem
http://zscaler-research.blogspot.com/2011/06/oh-flash-cve-2011-2110-0-day.html
https://www.rapid7.com/db/modules/exploit/windows/browser/adobe_flashplayer_arrayindexing
http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20110617
https://blogs.technet.microsoft.com/mmpc/2011/07/01/a-technical-analysis-on-the-exploit-for-cve-2011...
http://www.infoworld.com/article/2621840/patch-management/adobe-patches-second-flash-zero-day-in-9-d...
Cross-site scripting
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user input. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user’s browser in the context of the website hosting an .swf file.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
Note: the vulnerability was being actively exploited. The pay for an exploit might be around $5k-$10k at the moment.
Software: Adobe Flash Player
Links:
http://www.adobe.com/support/security/bulletins/apsb11-13.html
https://googlechromereleases.blogspot.com/2011/06/stable-channel-update.html
http://support.blackberry.com/kb/articleDetail?ArticleNumber=000027240
https://devcentral.f5.com/articles/flash-player-universal-xss-vulnerability-cve-2011-2107
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=24302
http://www.macworld.co.uk/news/mac-software/adobe-flash-patched-after-zero-day-attacks-3284214/
https://devcentral.f5.com/Portals/0/Cache/Pdfs/2807/flash-player-universal-xss-vulnerability--cve-20...
http://news.softpedia.com/news/Adobe-Fixes-Actively-Exploited-Flash-Player-XSS-Flaw-204376.shtml
http://www.infoworld.com/article/2621874/hacking/hackers-exploit-flash-bug-in-new-attacks-against-gm...
http://www.eweek.com/c/a/Security/Adobe-Patches-XSS-ZeroDay-Flaw-in-Flash-Used-in-Google-Gmail-Attac...
https://www.cnet.com/au/news/adobe-issues-fix-for-flash-hole-being-used-in-attacks/
http://www.computerdealernews.com/news/adobe-flash-patched-after-zero-day-attacks/7323
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
There are reports of malware attempting to exploit this vulnerability via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment targeting the Windows platform.
Software: Adobe Flash Player
Integer Overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
According to Symantec, the first exploitation of the vulnerability was discovered on 2010-01-03.
Software: Adobe Flash Player
Known/famous malware:
Bloodhound.Exploit.412
Links:
https://www.symantec.com/security_response/vulnerability.jsp?bid=47815
https://ae.norton.com/security_response/print_writeup.jsp?docid=2011-062402-3901-99
http://www.adobe.com/support/security/bulletins/apsb11-12.html
https://novasecure.neonova.net/threats/details.cgi?id=513314
http://freecode.com/articles/red-hat-an-updated-adobe-flash-player-package-fixes-multiple-security-i...
http://support.blackberry.com/kb/articleDetail?ArticleNumber=000027365
https://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability had been used for 1 month before disclosure. The campaign started with spam emails enticing users to open an attachment, typically a Microsoft Word document (or a zip file of a Microsoft Word document), which contained the malicious Flash exploit.
Software: Adobe Flash Player
Known/famous malware:
Microsoft - Exploit:SWF/CVE-2011-0611.C, NOD32 - JS/Exploit.Pdfka.OXL.Gen, Symantec - Trojan.Pidief, Ikarus - Exploit.JS.ShellCode.
Links:
https://www.fireeye.com/blog/threat-research/2013/02/operation-beebus.html
https://secunia.com/?action=fetch&filename=Secunia_Whitepaper_CVE-2011-0611.pdf
https://support.symantec.com/en_US/article.TECH157906.html
http://www.adobe.com/support/security/advisories/apsa11-02.html
http://www.adobe.com/support/security/bulletins/apsb11-07.html
http://www.adobe.com/support/security/bulletins/apsb11-08.html
https://blogs.technet.microsoft.com/mmpc/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player...
http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html
https://blog.qualys.com/securitylabs/2011/04/15/placeholder
http://www.kahusecurity.com/2011/flash-0day-found-in-drive-by/
http://www.securitytube.net/video/1747
http://poc-hack.blogspot.com/2011/04/adobe-flash-player-cve-2011-0611-swf.html
http://securityaffairs.co/wordpress/27224/cyber-crime/kaspersky-report-energetic-bear.html
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability was used to target RSA. Two phishing emails carrying a Microsoft Excel document with the exploit were sent to two different groups of employees. The document with exploit code was named "2011 Recruitment plan.xls".
Software: Adobe Flash Player
Known/famous malware:
Exploit:SWF/CVE-2011-0609
Kaspersky Lab products detected the variants as “Trojan-Dropper.MSExcel.SWFDrop”.
Links:
http://www.adobe.com/support/security/advisories/apsa11-01.html
http://www.adobe.com/support/security/bulletins/apsb11-06.html
http://www.kb.cert.org/vuls/id/192052
http://bugix-security.blogspot.com/2011/03/cve-2011-0609-adobe-flash-player.html
http://blogs.adobe.com/security/2011/03/background-on-apsa11-01-patch-schedule.html
https://cxsecurity.com/issue/WLB-2011030180
https://vimeo.com/22160459
http://m.2cto.com/Article/201104/87463.html
https://www.cnet.com/forums/discussions/security-advisory-for-adobe-flash-player-reader-acrobat-5204...
http://remove-malware-removal.com/post/How-to-Remove-SWFExploit.CVE-2011-0609.A-Instantly_14_214388....
https://vulners.com/metasploit/MSF:EXPLOIT/WINDOWS/BROWSER/ADOBE_FLASHPLAYER_AVM
https://blogs.rsa.com/anatomy-of-an-attack/