Zero-day vulnerabilities discovered: 10
Integer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to an integer overflow. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Software: Adobe Flash Player
Known/famous malware:
Exploit kits: Angler, Neutrino, Nuclear Pack and RIG
Links:
https://helpx.adobe.com/security/products/flash-player/apsb16-01.html
https://blogs.forcepoint.com/security-labs/popular-site-leads-angler-ek-cve-2015-8651-flash-player-e...
https://www.symantec.com/security_response/writeup.jsp?docid=2015-122818-3536-99&tabid=2
https://krebsonsecurity.com/tag/cve-2015-8651/
https://blogs.technet.microsoft.com/mmpc/2016/06/20/reverse-engineering-dubniums-flash-targeting-exp...
https://www.scmagazine.com/adobe-issues-critical-flash-player-patch/article/533434/
http://vulnerablespace.blogspot.com/2016/06/malware-analysing-and-repurposing-rigs.html
https://blog.qualys.com/laws-of-vulnerabilities/2015/12/28/last-adobe-0-day-patched-for-the-year
https://www.reddit.com/r/ReverseEngineering/comments/43a1i5/an_analysis_on_the_principle_of_cve20158...
http://www.securityweek.com/adobe-issues-emergency-patch-flash-zero-day-under-attack
http://securityaffairs.co/wordpress/43131/cyber-crime/adobe-flash-zero-day.html
http://securityaffairs.co/wordpress/54120/reports/exploit-kits-top-flaws.html
https://blog.malwarebytes.com/threat-analysis/exploits-threat-analysis/2016/07/a-look-into-some-rig-...
http://www.darkreading.com/vulnerabilities---threats/here-are-4-vulnerabilities-ransomware-attacks-a...
https://www.recordedfuture.com/recent-ransomware-vulnerabilities/
http://resources.infosecinstitute.com/most-exploited-vulnerabilities-by-whom-when-and-how/#gref
http://neurogadget.net/2016/12/08/adobe-flash-player-bugs-issues-exploits-computers/48666
http://thehackernews.com/2015/12/adobe-flash-security-update.html
http://www.theregister.co.uk/2015/12/28/adobe_flash_security_update/
https://www.solutionary.com/resource-center/blog/2015/12/adobe-flash-player-vulnerability/
http://wccftech.com/flash-player-receives-emergency-security-patch/
http://news.softpedia.com/news/adobe-fixes-flash-zero-day-bug-discovered-by-huawei-498184.shtml
Type confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a type confusion error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
It was used in the Pawn Storm campaign targeting foreign affairs ministries. Exploited by the Fancy Bear APT.
The vulnerability was reported by Peter Pi of Trend Micro.
Software: Adobe Flash Player
Known/famous malware:
Exploit Kits: Angler, Hunter, Magnitude, Neutrino, Nuclear Pack, RIG, Spartan.
Links:
https://helpx.adobe.com/security/products/flash-player/apsa15-05.html
https://helpx.adobe.com/security/products/flash-player/apsb15-27.html
http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-sto...
http://resources.infosecinstitute.com/the-shadow-of-the-russian-cyber-army-behind-the-2016-president...
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=28924
https://www.symantec.com/security_response/writeup.jsp?docid=2015-101903-5534-99
https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=869
http://www.theregister.co.uk/2016/12/08/need_xmas_ideas_try_cve20157645_a_flash_gift_that_keeps_on_g...
http://www.securityweek.com/adobe-patches-flash-zero-day-exploited-pawn-storm
http://vulnerablespace.blogspot.com/2016/04/malware-analysing-and-repurposing.html
https://blog.malwarebytes.com/threat-analysis/2015/10/new-flash-player-zero-day-in-the-wild/
https://arstechnica.com/security/2015/10/new-zero-day-exploit-hits-fully-patched-adobe-flash/
http://securityaffairs.co/wordpress/41123/cyber-crime/flash-zero-day-exploit.html
http://www.infoworld.com/article/3046531/security/ransomware-targets-flash-and-silverlight-vulnerabi...
https://www.tripwire.com/state-of-security/latest-security-news/flash-player-zero-day-patched-by-ado...
http://www.welivesecurity.com/2015/10/15/adobe-flash-zero-day/
https://threatpost.com/emergency-adobe-flash-zero-day-patch-arrives-ahead-of-schedule/115073/
http://thehackernews.com/2015/10/flash-patch-update.html
https://www.scmagazine.com/adobe-addresses-latest-flash-player-zero-day-vulnerability/article/533522...
“Use-after-free” error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a use-after-free error in the ActionScript 3 BitmapData class. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The exploit code was revealed after the Hacking Team data leak.
Software: Adobe Flash Player
Known/famous malware:
SWF_EKSPLOYT.EDF. (TrendMicro).
Links:
https://helpx.adobe.com/security/products/flash-player/apsa15-04.html
https://www.symantec.com/connect/blogs/third-adobe-flash-zero-day-exploit-cve-2015-5123-leaked-hacki...
http://blog.trendmicro.com/trendlabs-security-intelligence/new-zero-day-vulnerability-cve-2015-5123-...
https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
http://securityaffairs.co/wordpress/38574/cyber-crime/hacking-team-cve-2015-5123.html
https://www.tripwire.com/state-of-security/vulnerability-management/another-zero-day-flash-exploit-r...
https://www.scmagazine.com/researchers-report-flash-player-zero-day-bugs-after-hacking-team-leaks/ar...
http://www.securityweek.com/two-new-flash-player-zero-day-bugs-found-hacking-team-leak
https://threatpost.com/flash-player-update-patches-two-hacking-team-zero-days/113776/
https://www.zscaler.com/blogs/research/hacking-team-leak-flash-0day-exploit-payloads-and-more
http://www.zdnet.com/article/adobe-promises-patch-for-latest-wave-of-critical-hacking-team-zero-day-...
http://securityaffairs.co/wordpress/38518/cyber-crime/hacking-team-new-0zero.html
“Use-after-free” error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a use-after-free error in the ActionScript 3 opaqueBackground class. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The exploit code was revealed after the Hacking Team data leak. The exploit was used against Japanese organizations.
The vulnerability was reported by Dhanesh Kizhakkinan of FireEye as well as Peter Pi of TrendMicro.
Software: Adobe Flash Player
Known/famous malware:
Exploit kits:
Angler EK - 2015-07-11
Neutrino - 2015-07-13
Nuclear Pack - 2015-07-14
RIG - 2015-07-14
Magnitude - 2015-07-15
NullHole - 2015-07-22
Spartan - 2015-09-11
Links:
https://helpx.adobe.com/security/products/flash-player/apsa15-04.html
https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=28060
http://blog.trendmicro.com/trendlabs-security-intelligence/another-zero-day-vulnerability-arises-fro...
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a use-after-free error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The exploit code was revealed after the Hacking Team data leak. It was also used in phishing campaigns conducted by two Chinese advanced persistent threat (APT) groups: APT3 and APT18.
The vulnerability was reported by Google Project Zero and Morgan Marquis-Boire.
Software: Adobe Flash Player
Links:
https://helpx.adobe.com/security/products/flash-player/apsb15-16.html
https://helpx.adobe.com/security/products/flash-player/apsa15-03.html
http://securityaffairs.co/wordpress/38707/cyber-crime/phishing-cve-2015-5119.html
https://www.zscaler.com/blogs/research/adobe-flash-vulnerability-cve-2015-5119-analysis
https://www.fireeye.com/blog/threat-research/2015/07/demonstrating_hustle.html
http://www.bankinfosecurity.com/zero-day-exploit-alert-flash-java-a-8396
https://www.trustwave.com/Resources/SpiderLabs-Blog/A-Flash-Exploit-(CVE-2015-5119)-From-the-Hacking...
http://null-byte.wonderhowto.com/how-to/hack-like-pro-use-hacking-teams-adobe-flash-exploit-0163051/
http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-flash-zero-day-integrated-in...
https://krebsonsecurity.com/2015/07/adobe-to-patch-hacking-teams-flash-zero-day/#more-31458
https://blog.malwarebytes.com/threat-analysis/2015/07/hacking-team-leak-exposes-new-flash-zero-day/
https://www.scmagazine.com/adobe-fixes-flash-player-zero-day-bug-identified-in-hacking-team-leak/art...
Heap-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a heap-based buffer overflow when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Exploited by a China-based cyberespionage group. Operation Clandestine Wolf – Adobe Flash Zero-Day in APT3 Phishing Campaign.
Software: Adobe Flash Player
Known/famous malware:
Magnitude exploit kit.
Links:
https://helpx.adobe.com/security/products/flash-player/apsb15-14.html
https://hitmanpro.wordpress.com/2015/07/02/how-apt3-evaded-anti-exploits-with-cve-2015-3113/
https://nakedsecurity.sophos.com/2015/06/29/latest-flash-hole-already-exploited-ransomware/
http://securityaffairs.co/wordpress/38044/cyber-crime/adobe-fixed-cve-2015-3113.html
http://www.securityweek.com/adobe-flash-player-zero-day-exploited-attack-campaign
http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-zero-day-shares-same-root-cause...
http://www.computerweekly.com/news/4500248673/Adobe-patches-Flash-Player-vulnerability-CVE-2015-3113
http://researchcenter.paloaltonetworks.com/2015/07/ups-observations-on-cve-2015-3113-prior-zero-days...
https://arstechnica.com/security/2015/06/patch-early-patch-often-adobe-pushes-emergency-fix-for-acti...
http://www.pcworld.com/article/2939552/adobe-patches-zeroday-flash-player-flaw-used-in-targeted-atta...
http://www.techtimes.com/articles/63254/20150624/adobe-releases-patch-to-plug-flash-players-zero-day...
https://www.recordedfuture.com/use-cases/vulnerability-identification/
http://www.theregister.co.uk/2015/06/29/ransomware_exploit_kit_slinger_exploits_flash_remote_code_ex...
http://www.computerworlduk.com/security/cybercriminals-pounce-on-serious-flash-zero-day-flaw-3618019..
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a boundary error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Attackers exploited the vulnerabilities together to attack a government entity and steal politically sensitive data that is a known target of the Russian group (APT campaign).
Software: Adobe Flash Player
Links:
https://helpx.adobe.com/security/products/flash-player/apsb15-06.html
http://resources.infosecinstitute.com/the-shadow-of-the-russian-cyber-army-behind-the-2016-president...
https://krebsonsecurity.com/2015/04/critical-updates-for-windows-flash-java/#more-30672
http://www.securityweek.com/russia-linked-hackers-used-two-zero-days-recent-targeted-attack-fireeye
http://www.zdnet.com/article/russian-hackers-exploit-flash-windows-flaws-to-spy-on-diplomat-targets/
https://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html
http://www.eweek.com/security/russian-based-attackers-use-two-zero-days-in-one-attack.html
http://securityaffairs.co/wordpress/36105/cyber-crime/apt28-russian-hackers.html
https://www.advancedbusinesssolutions.com/blog/curated-content/russian-hackers-use-flash-windows-zer...
https://www.infosecurity-magazine.com/news/apt28-back-russiandoll-attack/
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a use-after-free error when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The vulnerability was used during a malvertising campaign against visitors of dailymotion.com.
Software: Adobe Flash Player
Known/famous malware:
SWF_EXPLOIT.MJST
Hanjuan Exploit Kit
Links:
https://helpx.adobe.com/security/products/flash-player/apsa15-02.html
https://helpx.adobe.com/security/products/flash-player/apsb15-04.html
http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-new-adobe-flash-zer...
http://www.securityweek.com/adobe-prepares-patch-another-critical-flash-player-vulnerability
https://krebsonsecurity.com/2015/02/yet-another-flash-patch-fixes-zero-day-flaw/#more-29724
http://www.greatsoftline.com/another-critical-zero-day-vulnerability-in-adobe-flash-player/
https://nakedsecurity.sophos.com/2015/02/03/news-flash-3rd-time-newunlucky-0-day-hits-adobes-browser...
https://www.recordedfuture.com/top-vulnerabilities-2015/
http://www.networkworld.com/article/3003176/security/8-of-top-10-vulnerabilities-used-by-exploit-kit...
http://www.itnews.com.au/news/hackers-target-third-new-zero-day-for-adobe-flash-399960
http://researchcenter.paloaltonetworks.com/2015/02/palo-alto-networks-traps-protects-enterprises-zer...
http://www.fin24.com/Tech/News/Hackers-target-Adobe-Flash-again-20150205
https://arstechnica.com/security/2015/02/as-flash-0day-exploits-reach-new-level-of-meanness-what-are...
http://www.techtimes.com/articles/30925/20150206/adobe-releases-patch-for-dangerous-flash-player-zer...
http://www.darkreading.com/new-adobe-flash-0-day-used-in-malvertising-campaign/d/d-id/1318900
https://philipcao.com/2015/02/04/palo-alto-networks-traps-protects-enterprises-from-zero-day-cve-201...
https://betanews.com/2015/02/02/surprise-adobe-flash-has-a-security-flaw-on-windows-mac-and-linux/
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a use-after-free error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The vulnerability was discovered by French security researcher “Kafeine”.
It was actively being exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below. It was used by Angler EK and infected at least 1,800 known domains.
Software: Adobe Flash Player
Known/famous malware:
SWF/Exploit.CVE-2015-0311.N(2)
Trojan.Swifi (Symantec)
Angler EK
Links:
https://helpx.adobe.com/security/products/flash-player/apsb15-03.html
http://blog.trendmicro.com/trendlabs-security-intelligence/os-x-zero-days-on-the-rise-a-2015-midyear...
http://blog.trendmicro.com/trendlabs-security-intelligence/analyzing-cve-2015-0311-flash-zero-day-vu...
http://researchcenter.paloaltonetworks.com/2015/01/unpatched-flash-vulnerability-cve-2015-0311-block...
http://securityaffairs.co/wordpress/32687/security/adobe-fix-cve-2015-0311-0day.html
http://www.kamnet.com/adobe-flash-player-vulnerability-cve-2015-0311/
http://www.criticalwatch.com/faqs/zero-day-vulnerability-in-adobe-flash/
http://www.free-remove-spyware.com/post/Cannot-Remove-SWFExploit.CVE-2015-0311.N2-SWFExploit.CVE-201...
http://www.securityweek.com/adobe-fixes-second-flash-player-zero-day-vulnerability
http://www.pcworld.com/article/2878792/flash-player-plagued-by-third-zeroday-flaw-in-a-month-updates...
Security bypass
The vulnerability allows a remote attacker to circumvent memory address randomization on the target system.
The weakness exists due to a memory leak error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption, bypass memory address randomization on the Windows platform and obtain sensitive information.
Note: the vulnerability was being actively exploited.
The vulnerability was discovered and reported by security researcher Kafeine.
The vulnerability was used in attacks against older versions of Flash Player.
Software: Adobe Flash Player
Known/famous malware:
Angler EK.
Links:
https://helpx.adobe.com/security/products/flash-player/apsb15-02.html
https://ae.norton.com/security_response/writeup.jsp?docid=2015-021009-2659-99
https://www.beyondtrust.com/blog/adobe-patches-zero-day-flaw-being-exploited-in-the-wild/
https://www.intego.com/mac-security-blog/flash-player-0day-vulnerability-jolts-rushed-update/
http://www.pcworld.com/article/2874172/adobe-fixes-just-one-of-two-actively-exploited-zeroday-vulner...
http://www.eweek.com/security/new-zero-day-exploit-adds-to-adobe-flash-security-woes.html