Zero-day vulnerabilities discovered: 12
Type confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability was reported by Adobe as being exploited in the wild. The attackers used Microsoft Word documents with embedded malicious Flash (.swf) content.
Software: Adobe Flash Player
Known/famous malware:
Troj/SWFExp-CH (Sophos)
Trojan horse Exploit_c.YZX (AVG)
Exploit.Win32.CVE-2013 (Ikarus)
HEUR:Exploit.SWF.CVE-2013-5331.a (Kaspersky)
Exploit:Win32/CVE-2013-5331 (Microsoft)
SWF/Exploit.CVE-2013-5331.A trojan (Eset)
Trojan.Mdropper (Symantec)
Links:
https://helpx.adobe.com/security/products/flash-player/apsb13-28.html
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27558
http://eromang.zataz.com/2015/12/24/cve-2013-5331-adobe-flash-player-type-confusion-remote-code-exec...
http://blog.malwaretracker.com/2014/01/cve-2013-5331-evaded-av-by-using.html
http://freerepairwindowserrors.com/spytips/Guide-to-Remove-SWFExploit.CVE-2013-5331.A_16_203811.html
Directory traversal
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
Software: ColdFusion
Links:
http://www.adobe.com/support/security/advisories/apsa13-03.html
http://www.computerworld.com/article/2497237/security0/adobe-warns-of-unpatched-critical-flaw-in-col...
http://mac-security.blogspot.com/2013/05/new-critical-adobe-security-updates.html
http://www.infosecurity-magazine.com/news/anonymous-said-to-be-exploiting-coldfusion-in/
https://www.corero.com/resources/files/security_advisories/advisory_CNS_IPS_Microsoft_Adobe_ColdFusi...
http://www.securityweek.com/server-washington-state-courts-office-hacked-sensitive-data-exposed
https://www.sophos.com/en-us/threat-center/threat-analyses/vulnerabilities/VET-000492.aspx
Arbitrary code execution
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
Software: Adobe Flash Player
Links:
https://www.adobe.com/support/security/bulletins/apsb13-08.html
https://www.intego.com/mac-security-blog/adobe-squashes-two-exploits-in-the-wild-designed-to-target-...
http://www.computerworlduk.com/it-vendors/new-emergency-flash-update-as-hackers-hit-firefox-3428746/
https://blog.basefarm.com/blog/security-updates-available-for-adobe-flash-player-apsb13-08/
http://doa.alaska.gov/ets/security/S_Advisory/sa2013-023.pdf
http://www.macworld.co.uk/news/apple/adobe-springs-emergency-flash-update-says-hackers-hitting-firef...
https://www.auscert.org.au/render.html?it=17093
http://www.totalsofttech.com.ph/adobe-springs-emergency-flash-update-says-hackers-hitting-firefox/
http://krebsonsecurity.com/tag/cve-2013-0648/
http://www.theregister.co.uk/2013/02/27/adobe_issues_two_critical_flash_vuln_patches/
Arbitrary code execution
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
Software: Adobe Flash Player
Links:
http://www.adobe.com/support/security/bulletins/apsb13-08.html
http://doa.alaska.gov/ets/security/S_Advisory/sa2013-023.pdf
https://krebsonsecurity.com/2013/02/flash-player-update-fixes-zero-day-flaws/#more-19186
http://www.techworld.com/news/security/adobe-pushes-out-emergency-flash-update-as-hackers-hit-firefo...
https://www.scmagazine.com/adobe-hurries-update-to-fix-flash-zero-day-vulnerabilities/article/542241...
http://www.computerworld.com/article/2495576/malware-vulnerabilities/adobe-springs-emergency-flash-u...
http://www.theregister.co.uk/2013/02/27/adobe_issues_two_critical_flash_vuln_patches/
https://blog.qualys.com/laws-of-vulnerabilities/2013/02
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The sandbox vulnerability was dubbed "666" by FireEye. CVE-2013-0640 and CVE-2013-0641 have been exploited in the MiniDuke, Zegost and PlugX malware campaign attacks.
Software: Adobe Reader
Links:
https://www.fireeye.com/blog/threat-research/2013/02/its-a-kind-of-magic-1.html
http://www.adobe.com/support/security/advisories/apsa13-02.html
http://www.adobe.com/support/security/bulletins/apsb13-07.html
http://blog.trendmicro.com/trendlabs-security-intelligence/zero-day-vulnerability-hits-adobe-reader/
https://www.symantec.com/security_response/vulnerability.jsp?bid=57947
http://blog.opensecurityresearch.com/2013/10/analysis-of-malware-rop-chain.html
http://hooked-on-mnemonics.blogspot.com/2013/02/detecting-pdf-js-obfuscation-using.html
https://nakedsecurity.sophos.com/2013/02/14/no-patch-yet-for-pdf-exploits/
https://access.redhat.com/security/cve/cve-2013-0641
http://www.securityweek.com/latest-adobe-zero-day-serious-business-attackers-escape-adobe-reader-san...
https://www.slashgear.com/adobe-says-acrobat-and-reader-vulnerabilities-exploited-with-malicious-pdf...
http://www.pcworld.com/article/2028603/adobe-readies-emergency-patches-for-reader-acrobat.html
http://www.eweek.com/security/adobe-issues-reader-acrobat-security-updates-to-stave-off-attacks
https://securingtomorrow.mcafee.com/mcafee-labs/emerging-stack-pivoting-exploits-bypass-common-secur...
https://www.fireeye.jp/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-zero-day-attacks-in...
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The sandbox vulnerability was dubbed "666" by FireEye. CVE-2013-0640 and CVE-2013-0641 have been exploited in the MiniDuke, Zegost and PlugX malware campaign attacks.
Software: Adobe Reader
Links:
https://www.fireeye.com/blog/threat-research/2013/02/its-a-kind-of-magic-1.html
http://www.adobe.com/support/security/advisories/apsa13-02.html
http://www.adobe.com/support/security/bulletins/apsb13-07.html
http://www.kb.cert.org/vuls/id/422807
https://labs.portcullis.co.uk/blog/cve-2013-0640-adobe-reader-xfa-oneofchild-un-initialized-memory-v...
http://www.enigmasoftware.com/pdf-cve20130640-vulnerability-exploited-miniduke-zegost-plugx/
http://blog.trendmicro.com/trendlabs-security-intelligence/zero-day-vulnerability-hits-adobe-reader/
http://blog.opensecurityresearch.com/2013/10/analysis-of-malware-rop-chain.html
https://securelist.com/blog/incidents/31112/the-miniduke-mystery-pdf-0-day-government-spy-assembler-...
http://vinsula.com/2013/04/17/cve-2013-0640-adobe-pdf-zero-day-malware/
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability was discovered by the Shadowserver Foundation.
The exploit was used in a cyber espionage campaign dubbed "LadyBoyle".
Software: Adobe Flash Player
Links:
http://www.adobe.com/support/security/bulletins/apsb13-04.html
https://www.invincea.com/2013/02/exploit-down-analysis-and-protection-against-adobe-flash-exploit-cv...
http://blog.malwaremustdie.org/2013/02/cve-2013-0634-this-ladyboyle-is-not.html
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=26455
http://www.enigmasoftware.com/exploitswfcve20130634a-removal/
https://www.fireeye.com/blog/threat-research/2013/02/lady-boyle-comes-to-town-with-a-new-exploit.htm...
https://vulners.com/metasploit/MSF:EXPLOIT/WINDOWS/BROWSER/ADOBE_FLASH_REGEX_VALUE
https://www.intego.com/mac-security-blog/adobe-resolves-flash-player-flaws-being-exploited-in-the-wi...
http://www.spywareremove.com/removeexploitswfcve20130634a.html
https://eromang.zataz.com/2013/02/26/gong-da-gondad-exploit-pack-add-flash-cve-2013-0634-support/
https://krebsonsecurity.com/tag/cve-2013-0634/
http://www.infoworld.com/article/2613576/security/adobe-blames-na-ve-office-users-for-latest-flash-p...
https://nakedsecurity.sophos.com/2013/02/08/adobe-patches-flash-heads-off-attacks-on-windows-and-app...
https://www.intego.com/mac-security-blog/two-adobe-vulnerabilities-attacked-in-the-wild-now-patched/
http://www.securityweek.com/adobe-patches-flash-player-against-active-attacks
https://www.fireeye.jp/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-zero-day-attacks-in...
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability was reported to Adobe by Sergey Golovanov and Alexander Polyakov of Kaspersky.
The vulnerability was being used in a series of targeted attacks mostly against human rights activists and political dissidents from Africa and the Middle East.
Software: Adobe Flash Player
Known/famous malware:
Exploit: SWF/CVE-2013-0633.
Links:
http://www.adobe.com/support/security/bulletins/apsb13-04.html
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=26453
https://www.symantec.com/security_response/vulnerability.jsp?bid=57788
http://krebsonsecurity.com/tag/cve-2013-0633/
https://www.fireeye.com/blog/threat-research/2013/02/lady-boyle-comes-to-town-with-a-new-exploit.htm...
https://eromang.zataz.com/2013/02/26/gong-da-gondad-exploit-pack-add-flash-cve-2013-0634-support/
http://www.kaspersky.com/au/about/news/virus/2013/Kaspersky_Lab_Experts_Credited_for_Identifying_and...
https://securelist.com/blog/research/64215/adobe-flash-player-0-day-and-hackingteams-remote-control-...
http://www.pcworld.com/article/2027916/researchers-surveillance-malware-distributed-via-flash-player-exploit.html
http://www.infoworld.com/article/2613576/security/adobe-blames-na-ve-office-users-for-latest-flash-p...
https://securityledger.com/2013/02/adobe-pushes-fix-for-flash-player-cites-attacks-on-windows-mac-an...
https://www.intego.com/mac-security-blog/two-adobe-vulnerabilities-attacked-in-the-wild-now-patched/
http://www.pcadvisor.co.uk/feature/security/adobe-releases-emergency-flash-fixes-for-two-zero-day-bu...
Authentication bypass
The vulnerability allows a remote attacker to bypass authentication and execute arbitrary code on the target system.
The vulnerability exists due to improper authentication when a password is not configured. A remote unauthenticated attacker can bypass the authentication process and execute arbitrary code on the target system.
Note: the vulnerability was being actively exploited.
Software: ColdFusion
Links:
http://www.adobe.com/support/security/bulletins/apsb13-03.html
http://www.adobe.com/support/security/advisories/apsa13-01.html
http://eyeonforensics.blogspot.com/2013/03/a-cold-day-in-e-commerce-guest-post.html
http://doa.alaska.gov/ets/security/S_Advisory/SA2013-093.pdf
http://blogs.coldfusion.com/assets/content/security/Security%20Best%20Practices%20for%20ColdFusion.p...
http://www.securityweek.com/adobe-warns-attacks-exploiting-coldfusion-vulnerabilities-fix-coming
http://www.livehacking.com/category/vulnerability/adobe/
http://www.pcworld.com/article/2025406/adobe-patches-actively-exploited-coldfusion-vulnerabilities.h...
http://www.itworld.com/article/2714589/security/adobe-warns-of-actively-exploited-coldfusion-flaws.h...
http://www.computerworld.com/article/2494475/malware-vulnerabilities/adobe-warns-of-actively-exploit...
http://www.mis-asia.com/tech/security/adobe-warns-of-actively-exploited-coldfusion-flaws/
Authentication bypass
The vulnerability allows a remote attacker to bypass authentication.
The vulnerability exists due to an error in the authentication process when a password is not configured. A remote unauthenticated attacker can gain unauthorized access to restricted directories.
Successful exploitation of this vulnerability results in unauthorized access to those directories.
Note: the vulnerability was being actively exploited.
Software: ColdFusion
Links:
http://www.adobe.com/support/security/bulletins/apsb13-03.html
http://www.adobe.com/support/security/advisories/apsa13-01.html
https://www.acunetix.com/vulnerabilities/web/adobe-coldfusion-9-administrative-login-bypass
http://eyeonforensics.blogspot.com/2013/03/a-cold-day-in-e-commerce-guest-post.html
http://doa.alaska.gov/ets/security/S_Advisory/SA2013-093.pdf
http://blogs.coldfusion.com/assets/content/security/Security%20Best%20Practices%20for%20ColdFusion.pdf
http://www.securityweek.com/adobe-warns-attacks-exploiting-coldfusion-vulnerabilities-fix-coming
http://www.livehacking.com/category/vulnerability/adobe/
http://www.pcworld.com/article/2025406/adobe-patches-actively-exploited-coldfusion-vulnerabilities.html
http://www.itworld.com/article/2714589/security/adobe-warns-of-actively-exploited-coldfusion-flaws.html
http://www.computerworld.com/article/2494475/malware-vulnerabilities/adobe-warns-of-actively-exploited-coldfusion-flaws.html
http://www.mis-asia.com/tech/security/adobe-warns-of-actively-exploited-coldfusion-flaws/
https://www.trustwave.com/Resources/SpiderLabs-Blog/The-Curious-Case-of-the-Malicious-IIS-Module--Pr...
http://blogs.elis.org/isa/attackers-exploited-coldfusion-vulnerability-to-install-microsoft-iis-malw...
Information disclosure
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
Software: ColdFusion
Links:
http://www.adobe.com/support/security/bulletins/apsb13-03.html
http://www.adobe.com/support/security/advisories/apsa13-01.html
https://www.acunetix.com/vulnerabilities/web/adobe-coldfusion-9-administrative-login-bypass
http://eyeonforensics.blogspot.com/2013/03/a-cold-day-in-e-commerce-guest-post.html
http://doa.alaska.gov/ets/security/S_Advisory/SA2013-093.pdf
http://www.securityweek.com/adobe-warns-attacks-exploiting-coldfusion-vulnerabilities-fix-coming
http://www.livehacking.com/category/vulnerability/adobe/
http://www.pcworld.com/article/2025406/adobe-patches-actively-exploited-coldfusion-vulnerabilities.h...
http://www.itworld.com/article/2714589/security/adobe-warns-of-actively-exploited-coldfusion-flaws.h...
http://www.computerworld.com/article/2494475/malware-vulnerabilities/adobe-warns-of-actively-exploit...
http://www.mis-asia.com/tech/security/adobe-warns-of-actively-exploited-coldfusion-flaws/
http://energy.gov/cio/articles/v-063-adobe-coldfusion-bugs-let-remote-users-gain-access-and-obtain-i...
Authentication bypass
The vulnerability allows a remote attacker to bypass authentication and gain unauthorized access to the vulnerable system.
The vulnerability exists due to an error within administrator.cfc. A remote unauthenticated attacker can access the Adobe ColdFusion application using the default empty password, log in to the RDS component and leverage this session to access the administrative web interface.
Successful exploitation of this vulnerability results in unauthorized access to Adobe ColdFusion.
Note: the vulnerability was being actively exploited. The vulnerability was used to compromise the website of the Washington State Administrative Office of the Courts (AOC).
Software: ColdFusion
Links:
http://www.adobe.com/support/security/advisories/apsa13-01.html
http://www.adobe.com/support/security/bulletins/apsb13-03.html
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27201
https://www.acunetix.com/vulnerabilities/web/adobe-coldfusion-9-administrative-login-bypass
https://vulners.com/metasploit/MSF:EXPLOIT/MULTI/HTTP/COLDFUSION_RDS
http://www.livehacking.com/category/vulnerability/adobe/
http://www.pcworld.com/article/2025406/adobe-patches-actively-exploited-coldfusion-vulnerabilities.h...
http://www.carehart.org/blog/client/index.cfm/2013/1/2/Part2_serious_security_threat
https://www.scmagazine.com/weakness-in-adobe-coldfusion-allowed-court-hackers-access-to-160k-ssns/ar...
http://www.itnews.com.au/news/a-million-drivers-licenses-possibly-stolen-via-coldfusion-hole-342953
http://krebsonsecurity.com/tag/amcrin/