Zero-day Vulnerability Database

Change view

Zero-day vulnerabilities discovered: 3

Remote code execution in Adobe Flash Player
CVE-2012-1535

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when parsing malicious files. A remote attacker can create a specially crafted Flash (.swf) file embedded in a Microsoft Word (.doc) file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.
i

The vulnerability was reported by Alexander Gavrun. The exploit was used by Aurora Group.

Software: Adobe Flash Player

Known/fameous malware:

Exploit:SWF/CVE-2012-1535.A.

The vulnerability was reported by Alexander Gavrun. The exploit was used by Aurora Group.

Remote code execution in Adobe Flash Player
CVE-2012-0779

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to object type confusion error when processing .swf files. A remote attacker can create a specially crafted .swf file, trick the victim into opening it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.
i

This vulnerability has been exploited in the wild as part of the "World Uyghur Congress Invitation.doc" e-mail attack.

Software: Adobe Flash Player

Known/fameous malware:

TROJ_SCRIPBRID.A; backdoor BKDR_INJECT.EVL.

This vulnerability has been exploited in the wild as part of the "World Uyghur Congress Invitation.doc" e-mail attack.

Multiple vulnerabilities in Adobe Flash Player
CVE-2012-0767

Cross-site scripting

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-input.A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in userтАЩs browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Note: the vulnerability was being actively exploited.
i

The vulnerability was used to target Webmail accounts.

Software: Adobe Flash Player

The vulnerability was used to target Webmail accounts.