Zero-day Vulnerability Database

Zero-day vulnerabilities discovered: 6

Multiple vulnerabilities in Adobe Flash Player
CVE-2014-9163

Stack-based buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a stack-based buffer overflow when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.
The vulnerability was discovered by the researcher ‘bilou’, who reported the bug through HP’s Zero Day Initiative (ZDI).

It has been used in a watering hole attack against US Defense and Financial Services firms, where it was hosted on the compromised Forbes.com website.

Software: Adobe Flash Player

Known/famous malware:

Trojan.Win32.Bergard.A.

Multiple vulnerabilities in Adobe Flash Player
CVE-2014-8439

Use-after-free error

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.
An Adobe Flash vulnerability was discovered in October and promptly patched. The exploits in the Nuclear and Angler kits were detected by the French researcher Kafeine shortly after the company released an update on October 14. Despite the patch on October 14, 2014, the vulnerability was not completely mitigated. The vulnerability was patched again on November 25.


Software: Adobe Flash Player

Known/famous malware:

Troj/SWFExp-CD.
Exploit kits: Angler, Nuclear, and Astrum.

Remote code execution in Adobe Acrobat and Adobe Reader
CVE-2014-0546

Security bypass

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to improper input validation when processing .pdf files. A remote attacker can create a specially crafted file, trick the victim into opening it, bypass sandbox restrictions and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.
The vulnerability was discovered by Costin Raiu and Vitaly Kamluk of Kaspersky Labs.

Exploited by the Animal Farm group.

Software: Adobe Reader

Remote code execution in Adobe Flash Player
CVE-2014-0515

Buffer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a buffer overflow caused by improper bounds checking in the Pixel Bender component. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.
A sample of the first exploit was detected on April 14, while a sample of the second came on April 16. The first exploit was initially recorded by KSN on April 9, when it was detected by a generic heuristic signature.

The disclosed vulnerability was actively exploited and relates to an attack via the website of the Syrian Ministry of Justice in September 2013.

Software: Adobe Flash Player

Known/famous malware:

Exploit:SWF/CVE-2014-0515

Multiple vulnerabilities in Adobe Flash Player
CVE-2014-0502

Double free

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a double free error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.
Wen Guanxing of Venustech, the Google Security Team and FireEye worked on the vulnerability.
FireEye dubbed the attack exploiting the vulnerability "Operation GreedyWonk".
The vulnerability was exploited to compromise the sites of:

  • Peterson Institute for International Economics
  • American Research Center in Egypt
  • Smith Richardson Foundation

TrendMicro uses CVE-2014-0498 in some reports to cover the exploit used in Operation GreedyWonk, but we believe this is the same vulnerability and we will refer to it as CVE-2014-0502.

Software: Adobe Flash Player

Known/famous malware:

Elderwood exploit kit.

Remote code execution in Adobe Flash Player
CVE-2014-0497

Integer underflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an integer underflow when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.
Exploited by the DarkHotel APT.

The vulnerability survived for 84 days after the update in November 2013.

Software: Adobe Flash Player
