Zero-day Vulnerability Database

Change view

Zero-day vulnerabilities discovered: 7

Multiple vulnerabilities in Adobe Flash Player
CVE-2016-7892

Use-after-free error

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of vulnerable system.

Note: this vulnerability is being actively exploited in the wild.

Software: Adobe Flash Player

Remote code execution in Adobe Flash Player
CVE-2016-7855

Use-after-free error

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to use-after-free error when handling .swf files. A remote attacker can trick the victim to visit a website or open a file with malicious Flash file and execute arbitrary code on the target system with privileges of the current user.

Note: this vulnerability was being actively exploited in the wild.

i

The vulnerability was disclosed by Neel Mehta and Billy Leonard of the Google Threat Analysis Group.

The vulnerability was exploited by Russian hacker group APT28.

Software: Adobe Flash Player

The vulnerability was disclosed by Neel Mehta and Billy Leonard of the Google Threat Analysis Group.

The vulnerability was exploited by Russian hacker group APT28.

Remote code execution in Adobe Flash Player
CVE-2016-4171

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.


i

The vulnerability was reported by Anton Ivanovn of Kaspersky.
Used by ScarCruft hacking team in Operation Daybreak and Operation Erebus as suggested by Kaspersky Lab.

It has been used in targeted attacks carried out by a new ScarCruft APT group operating primarily against high-profile victims in China, South Korea, India, Russia, Nepal, Romania, and Kuwait.

Software: Adobe Flash Player

The vulnerability was reported by Anton Ivanovn of Kaspersky.
Used by ScarCruft hacking team in Operation Daybreak and Operation Erebus as suggested by Kaspersky Lab.

It has been used in targeted attacks carried out by a new ScarCruft APT group operating primarily against high-profile victims in China, South Korea, India, Russia, Nepal, Romania, and Kuwait.

Remote code execution in Adobe Flash Player
CVE-2016-4117

Type confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to type confusion error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Note: the vulnerability was being actively exploited.
i

The vulnerability was reported by Genwei Jiang.
The zero-day was used by the Pawn Storm and APT3 cyber espionage groups in Operation Erebus campaign and seen in payloads included with CryptXXX, Cerber and DMA Locker ransomware, as well as the Gootkit Trojan.

Software: Adobe Flash Player

Known/fameous malware:

Exploit kit: Angler, Magnitude, Neutrino, RIG.

The vulnerability was reported by Genwei Jiang.
The zero-day was used by the Pawn Storm and APT3 cyber espionage groups in Operation Erebus campaign and seen in payloads included with CryptXXX, Cerber and DMA Locker ransomware, as well as the Gootkit Trojan.

Microsoft Security Update for Adobe Flash Player
CVE-2016-1019

Type confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to type confusion error when handling .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Note: the vulnerability was being actively exploited.
i

The weakness was presented by Kafeine (EmergingThreats/Proofpoint), Genwei Jiang (FireEye, Inc.) and Clement Lecigne (Google).

According to FireEye, on April 2, Kafeine provided details on a version of the Magnitude Exploit Kit that was originally believed to be exploiting known Adobe Flash vulnerabilities.

Software: Adobe Flash Player

Known/fameous malware:

Magnitude, Neutrino and Nuclear Pack Exploit Kit.
Cerber and DMA Locker ransomware.

The weakness was presented by Kafeine (EmergingThreats/Proofpoint), Genwei Jiang (FireEye, Inc.) and Clement Lecigne (Google).

According to FireEye, on April 2, Kafeine provided details on a version of the Magnitude Exploit Kit that was originally believed to be exploiting known Adobe Flash vulnerabilities.

Multiple vulnerabilities in Adobe Flash Player
CVE-2016-1010

Integer overflow

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to integer overflow. A remote attacker can create a specially crafted Web site, trick the victim into visiting it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution.

Note: the vulnerability was being actively exploited.
i

The vulnerability was reported by Anton Ivanov from Kaspersky Lab. The vulnerability was used by the ScarCruft group in Operation Daybreak campaign.

Software: Adobe Flash Player

Known/fameous malware:

Used in Angler Exploit Kit.

The vulnerability was reported by Anton Ivanov from Kaspersky Lab. The vulnerability was used by the ScarCruft group in Operation Daybreak campaign.

Multiple vulnerabilities in Adobe Flash Player
CVE-2016-0984

Use-after-free error

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a use-after-free error when processing malicious .swf content. A remote attacker can create a specially crafted .SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability may result in complete compromise of vulnerable system.

According to Kasperksy Lab report, this vulnerability has bein actively exploited in the wild by BlackOasis APT actor.

i

According to Kaspersky Lab, this vulnerability has being exploited in the wild by BlackOasis actor in June 2015.

Software: Adobe Flash Player

According to Kaspersky Lab, this vulnerability has being exploited in the wild by BlackOasis actor in June 2015.