Zero-day Vulnerability Database
Zero-day vulnerabilities discovered: 62
Multiple vulnerabilities in Adobe Flash Player
CVE-2016-7892
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Note: this vulnerability is being actively exploited in the wild.
Software: Adobe Flash Player
Remote code execution in Adobe Flash Player
CVE-2016-7855
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to use-after-free error when handling .swf files. A remote attacker can trick the victim to visit a website or open a file with malicious Flash file and execute arbitrary code on the target system with privileges of the current user.
Note: this vulnerability was being actively exploited in the wild.
The vulnerability was disclosed by Neel Mehta and Billy Leonard of the Google Threat Analysis Group.
The vulnerability was exploited by Russian hacker group APT28.
Software: Adobe Flash Player
The vulnerability was exploited by Russian hacker group APT28.
Links:
https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html https://helpx.adobe.com/security/products/flash-player/apsb16-36.html https://technet.microsoft.com/library/security/ms16-128
https://threatpost.com/adobe-patches-flash-zero-day-under-attack/121567/
http://securityaffairs.co/wordpress/52739/hacking/cve-2016-7855-adobe.html
http://sensorstechforum.com/cve-2016-7855-flash-bug-exploited-limited-attacks/
http://www.securityweek.com/adobe-patches-flash-vulnerability-used-targeted-attacks
http://thehackernews.com/2016/10/google-windows-zero-day.html
http://opensources.info/cve-2016-7855-flaw-in-adobe-flash-player-exploited-in-targeted-attacks/
https://www.infosecurity-magazine.com/news/flash-windows-zerodays-are-being/
https://fossbytes.com/microsoft-windows-zero-day-vulnerability-google-told-people/
https://www.theregister.co.uk/2016/10/26/adobe_patches_fresh_flash_zeroday/
https://www.symantec.com/connect/blogs/flash-zero-day-being-exploited-targeted-attacks
http://www.pcworld.com/article/3135715/security/emergency-flash-player-patch-fixes-zero-day-critical...
http://thecharlestendellshow.com/microsoft-patches-cve-2016-7255-windows-zero-day-exploited-by-fancy...
https://arstechnica.com/security/2016/11/fancy-bear-goes-all-out-to-beat-adobe-msft-zero-day-patches...
Remote code execution in Adobe Flash Player
CVE-2016-4171
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when handling .swf files. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The vulnerability was reported by Anton Ivanovn of Kaspersky.
Used by ScarCruft hacking team in Operation Daybreak and Operation Erebus as suggested by Kaspersky Lab.
It has been used in targeted attacks carried out by a new ScarCruft APT group operating primarily against high-profile victims in China, South Korea, India, Russia, Nepal, Romania, and Kuwait.
Software: Adobe Flash Player
Used by ScarCruft hacking team in Operation Daybreak and Operation Erebus as suggested by Kaspersky Lab.
It has been used in targeted attacks carried out by a new ScarCruft APT group operating primarily against high-profile victims in China, South Korea, India, Russia, Nepal, Romania, and Kuwait.
Links:
https://helpx.adobe.com/security/products/flash-player/apsb16-18.html
https://helpx.adobe.com/security/products/flash-player/apsa16-03.html
https://securelist.com/blog/research/75082/cve-2016-4171-adobe-flash-zero-day-used-in-targeted-attac...
http://securityaffairs.co/wordpress/48400/hacking/cve-2016-4171-flash-0-day.html
http://www.securityweek.com/flash-zero-day-exploited-targeted-attacks
https://community.norton.com/en/blogs/security-covered-norton/critical-adobe-flash-player-vulnerabil...
https://threatpost.com/scarcruft-apt-group-used-latest-flash-zero-day-in-two-dozen-attacks/118642/
http://zerosecurity.org/2016/06/flash-zero-day-cve-2016-4171
http://neurogadget.net/2016/06/21/hackers-exploiting-critical-adobe-flash-player-vulnerability/33701
https://www.scmagazine.com/adobe-patches-critical-zero-day-vulnerability-in-flash-player/article/529...
http://activecypher.com/cve-2016-4171-another-flash-zero-day-exploited-in-targeted-attacks/
https://nakedsecurity.sophos.com/2016/06/15/critical-flash-vulnerability-is-being-exploited-in-the-w...
https://www.beyondtrust.com/blog/critical-zero-day-vulnerability-cve-2016-4171-basic-mitigation/
https://arstechnica.com/security/2016/06/critical-adobe-flash-bug-under-active-attack-currently-has-...
http://wccftech.com/flash-zero-day-vulnerability-exploited-in-the-wild/
http://www.digitaltrends.com/computing/adobe-exploit-scarcruft/
http://www.theinquirer.net/inquirer/news/2461612/new-threat-uses-flash-zero-day-to-attack-big-busine...
http://thecharlestendellshow.com/scarcruft-apt-group-exploited-flash-zero-day-in-high-profile-attack...
https://www.intego.com/mac-security-blog/adobe-flash-alert-0-day-exploit-for-vulnerability-in-the-wi...
http://www.bankinfosecurity.com/adobe-flings-flash-fix-for-fresh-apt-target-a-9207
Remote code execution in Adobe Flash Player
CVE-2016-4117
Type confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to type confusion error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.Note: the vulnerability was being actively exploited.
The vulnerability was reported by Genwei Jiang.
The zero-day was used by the Pawn Storm and APT3 cyber espionage groups in Operation Erebus campaign and seen in payloads included with CryptXXX, Cerber and DMA Locker ransomware, as well as the Gootkit Trojan.
Software: Adobe Flash Player
Known/fameous malware:
Exploit kit: Angler, Magnitude, Neutrino, RIG.
The zero-day was used by the Pawn Storm and APT3 cyber espionage groups in Operation Erebus campaign and seen in payloads included with CryptXXX, Cerber and DMA Locker ransomware, as well as the Gootkit Trojan.
Links:
https://www.fireeye.com/blog/threat-research/2016/05/cve-2016-4117-flash-zero-day.html
https://helpx.adobe.com/security/products/flash-player/apsa16-02.html
https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
http://securityaffairs.co/wordpress/47197/hacking/cve-2016-4117-adobe-flash-zero.html
https://security.berkeley.edu/news/vulnerable-adobe-flash-player-allows-remote-code-execution-cve-20...
http://news.softpedia.com/news/nine-days-later-flash-zero-day-cve-2016-4117-already-added-to-exploit...
https://www.helpnetsecurity.com/2016/05/16/flash-0day-exploit-booby-trapped-office-file/
http://securityaffairs.co/wordpress/47379/cyber-crime/cve-2016-4117-exploit-chain.html
https://andreafortuna.org/cve-2016-4117-a-new-adobe-flash-0-day-in-the-wild-56e78d519bf5#.9ogjnryxb
http://www.pcworld.com/article/3073561/security/a-recently-patched-flash-player-exploit-is-being-use...
https://www.peerlyst.com/posts/cve-2016-4117-fireeye-revealed-the-exploit-chain-of-recent-attacks-he...
https://www.proofpoint.com/us/threat-insight/post/microsoft-word-intruder-8-adds-support-for-flash-v...
http://neurogadget.net/2016/05/29/adobe-flash-player-exploit-used-hackers-attack-users/31733
http://www.bankinfosecurity.com/zero-day-attacks-pummel-ie-flash-a-9093
Microsoft Security Update for Adobe Flash Player
CVE-2016-1019
Type confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to type confusion error when handling .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.Note: the vulnerability was being actively exploited.
The weakness was presented by Kafeine (EmergingThreats/Proofpoint), Genwei Jiang (FireEye, Inc.) and Clement Lecigne (Google).
According to FireEye, on April 2, Kafeine provided details on a version of the Magnitude Exploit Kit that was originally believed to be exploiting known Adobe Flash vulnerabilities.
Software: Adobe Flash Player
Known/fameous malware:
Magnitude, Neutrino and Nuclear Pack Exploit Kit.
Cerber and DMA Locker ransomware.
According to FireEye, on April 2, Kafeine provided details on a version of the Magnitude Exploit Kit that was originally believed to be exploiting known Adobe Flash vulnerabilities.
Links:
https://helpx.adobe.com/security/products/flash-player/apsa16-01.html
https://www.fireeye.com/blog/threat-research/2016/04/cve-2016-1019_a_new.html
http://blog.trendmicro.com/trendlabs-security-intelligence/look-adobe-flash-player-cve-2016-1019-zer...
https://www.proofpoint.com/us/threat-insight/post/killing-zero-day-in-the-egg
http://securityaffairs.co/wordpress/46107/malware/adobe-fixes-cve-2016-1019.html
https://www.bleepingcomputer.com/news/security/adobe-releases-security-advisory-on-critical-vulnerab...
http://www.zdnet.com/article/cyberattackers-botch-integration-of-adobe-flash-zero-day-vulnerability-...
http://www.eweek.com/security/adobe-patches-zero-day-flaw-used-by-exploit-kit.html
https://www.grahamcluley.com/adobe-flash-responsible-six-top-10-bugs-used-exploit-kits-2016/
http://hub-apac.insight.com/h/i/236881036-zero-day-attack-discovered-in-magnitude-exploit-kit-target...
https://trushieldinc.com/adobe-flash-player-zero-day-exploit/
https://blog.malwarebytes.com/threat-analysis/exploits-threat-analysis/2016/04/botched-flash-0day-ge...
http://www.symantec.com/connect/blogs/new-flash-zero-day-exploited-attackers-wild
http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2016-1019-zero-day-integrated-in-expl...
https://threatpost.com/emergency-update-coming-for-flash-vulnerability-under-attack/117219/
http://www.ecommercetimes.com/story/83348.html
Multiple vulnerabilities in Adobe Flash Player
CVE-2016-1010
Integer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer overflow. A remote attacker can create a specially crafted Web site, trick the victim into visiting it and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution.Note: the vulnerability was being actively exploited.
The vulnerability was reported by Anton Ivanov from Kaspersky Lab. The vulnerability was used by the ScarCruft group in Operation Daybreak campaign.
Software: Adobe Flash Player
Known/fameous malware:
Used in Angler Exploit Kit.
Links:
https://helpx.adobe.com/security/products/flash-player/apsb16-08.html
http://blog.trendmicro.com/trendlabs-security-intelligence/root-cause-analysis-recent-flash-zero-day...
http://blog.trendmicro.com/trendlabs-security-intelligence/adobe-issues-emergency-patch-flash-zero-d...
ttp://blog.trendmicro.com/trendlabs-security-intelligence/tag/cve-2016-1010/
https://security.berkeley.edu/news/adobe-flash-player-multiple-zero-day-vulnerabilities-cve-2016-101...
https://technet.microsoft.com/en-us/library/security/MS16-036
http://securityaffairs.co/wordpress/45226/breaking-news/adobe-emergency-out-of-band-update.html
https://news.ycombinator.com/item?id=11262403
https://www.slashgear.com/adobe-flash-player-update-fixes-critical-vulnerabilities-11431218/
https://securify.co.in/adobe-flash-player/zero-day-adobe-flash-player-vulnerability-cve-2016-1010-2/
https://arstechnica.com/security/2016/03/adobe-issues-emergency-patch-for-actively-exploited-code-ex...
https://nakedsecurity.sophos.com/2016/03/11/flash-zero-day-prompts-emergency-update-from-adobe/
https://www.scmagazine.com/adobe-patches-active-flash-player-flaw/article/528925/
https://hotforsecurity.bitdefender.com/blog/update-flash-now-targeted-attacks-exploiting-security-ho...
http://www.securityweek.com/adobe-patches-flash-zero-day-under-attack
http://www.spamfighter.com/News-20163-Security-Bug-Used-in-Live-Attacks-is-Fixed-by-Releasing-Adobe-...
http://www.pcworld.com/article/3043055/security/emergency-flash-player-patch-fixes-actively-exploite...
http://wccftech.com/adobe-patches-yet-another-critical-flash-exploit/
https://www.infosecurity-magazine.com/news/adobe-issues-patch-for-23-flash/
http://www.eweek.com/blogs/security-watch/adobe-updates-flash-to-patch-zero-day-flaw.html
Multiple vulnerabilities in Adobe Flash Player
CVE-2016-0984
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-free error when processing malicious .swf content. A remote attacker can create a specially crafted .SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in complete compromise of vulnerable system.
According to Kasperksy Lab report, this vulnerability has bein actively exploited in the wild by BlackOasis APT actor.
According to Kaspersky Lab, this vulnerability has being exploited in the wild by BlackOasis actor in June 2015.
Software: Adobe Flash Player
Multiple vulnerabilities in Adobe Flash Player
CVE-2015-8651
Integer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer overflow. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Software: Adobe Flash Player
Known/fameous malware:
Exploit kits: Angler, Neutrino, Nuclear Pack and RIG
Links:
https://helpx.adobe.com/security/products/flash-player/apsb16-01.html
https://blogs.forcepoint.com/security-labs/popular-site-leads-angler-ek-cve-2015-8651-flash-player-e...
https://www.symantec.com/security_response/writeup.jsp?docid=2015-122818-3536-99&tabid=2
https://blogs.forcepoint.com/security-labs/popular-site-leads-angler-ek-cve-2015-8651-flash-player-e...
https://krebsonsecurity.com/tag/cve-2015-8651/
https://blogs.technet.microsoft.com/mmpc/2016/06/20/reverse-engineering-dubniums-flash-targeting-exp...
https://krebsonsecurity.com/tag/cve-2015-8651/
https://www.scmagazine.com/adobe-issues-critical-flash-player-patch/article/533434/
http://vulnerablespace.blogspot.com/2016/06/malware-analysing-and-repurposing-rigs.html
https://blog.qualys.com/laws-of-vulnerabilities/2015/12/28/last-adobe-0-day-patched-for-the-year
https://www.reddit.com/r/ReverseEngineering/comments/43a1i5/an_analysis_on_the_principle_of_cve20158...
http://www.securityweek.com/adobe-issues-emergency-patch-flash-zero-day-under-attack
http://securityaffairs.co/wordpress/43131/cyber-crime/adobe-flash-zero-day.html
http://securityaffairs.co/wordpress/54120/reports/exploit-kits-top-flaws.html
https://blog.malwarebytes.com/threat-analysis/exploits-threat-analysis/2016/07/a-look-into-some-rig-...
http://www.darkreading.com/vulnerabilities---threats/here-are-4-vulnerabilities-ransomware-attacks-a...
https://www.recordedfuture.com/recent-ransomware-vulnerabilities/
http://resources.infosecinstitute.com/most-exploited-vulnerabilities-by-whom-when-and-how/#gref
http://neurogadget.net/2016/12/08/adobe-flash-player-bugs-issues-exploits-computers/48666
http://thehackernews.com/2015/12/adobe-flash-security-update.html
http://www.theregister.co.uk/2015/12/28/adobe_flash_security_update/
https://www.solutionary.com/resource-center/blog/2015/12/adobe-flash-player-vulnerability/
http://wccftech.com/flash-player-receives-emergency-security-patch/
http://news.softpedia.com/news/adobe-fixes-flash-zero-day-bug-discovered-by-huawei-498184.shtml
Remote code execution in Adobe Flash Player
CVE-2015-7645
Type confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to type confusion error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Was used in Pawn Storm Campaign Targeting Foreign Affairs Ministries. Exploited by the Fancy Bear APT.
The vulnerability was reported by Peter Pi of Trend Micro.
Software: Adobe Flash Player
Known/fameous malware:
Exploit Kits: Angler, Hunter, Magnitude, Neutrino, Nuclear Pack, RIG, Spartan.
The vulnerability was reported by Peter Pi of Trend Micro.
Links:
https://helpx.adobe.com/security/products/flash-player/apsa15-05.html
https://helpx.adobe.com/security/products/flash-player/apsb15-27.html
http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-sto...
http://resources.infosecinstitute.com/the-shadow-of-the-russian-cyber-army-behind-the-2016-president...
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=28924
https://www.symantec.com/security_response/writeup.jsp?docid=2015-101903-5534-99
https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=869
http://www.theregister.co.uk/2016/12/08/need_xmas_ideas_try_cve20157645_a_flash_gift_that_keeps_on_g...
http://www.securityweek.com/adobe-patches-flash-zero-day-exploited-pawn-storm
http://vulnerablespace.blogspot.com/2016/04/malware-analysing-and-repurposing.html
https://blog.malwarebytes.com/threat-analysis/2015/10/new-flash-player-zero-day-in-the-wild/
https://arstechnica.com/security/2015/10/new-zero-day-exploit-hits-fully-patched-adobe-flash/
http://securityaffairs.co/wordpress/41123/cyber-crime/flash-zero-day-exploit.html
http://www.infoworld.com/article/3046531/security/ransomware-targets-flash-and-silverlight-vulnerabi...
https://www.tripwire.com/state-of-security/latest-security-news/flash-player-zero-day-patched-by-ado...
http://www.welivesecurity.com/2015/10/15/adobe-flash-zero-day/
https://threatpost.com/emergency-adobe-flash-zero-day-patch-arrives-ahead-of-schedule/115073/
http://thehackernews.com/2015/10/flash-patch-update.html
https://www.scmagazine.com/adobe-addresses-latest-flash-player-zero-day-vulnerability/article/533522...
Two remote code execution vulnerabilities in Adobe Flash Player
CVE-2015-5123
тАЬUse-after-freeтАЭ error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error in the ActionScript 3 BitmapData class. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The exploit code was revealed after Hacking Team data leak.
Software: Adobe Flash Player
Known/fameous malware:
SWF_EKSPLOYT.EDF. (TrendMicro).
Links:
https://helpx.adobe.com/security/products/flash-player/apsa15-04.html
https://www.symantec.com/connect/blogs/third-adobe-flash-zero-day-exploit-cve-2015-5123-leaked-hacki...
http://blog.trendmicro.com/trendlabs-security-intelligence/new-zero-day-vulnerability-cve-2015-5123-...
https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
http://blog.trendmicro.com/trendlabs-security-intelligence/new-zero-day-vulnerability-cve-2015-5123-...
http://securityaffairs.co/wordpress/38574/cyber-crime/hacking-team-cve-2015-5123.html
https://www.tripwire.com/state-of-security/vulnerability-management/another-zero-day-flash-exploit-r...
https://www.scmagazine.com/researchers-report-flash-player-zero-day-bugs-after-hacking-team-leaks/ar...
http://www.securityweek.com/two-new-flash-player-zero-day-bugs-found-hacking-team-leak
https://threatpost.com/flash-player-update-patches-two-hacking-team-zero-days/113776/ https://www.zscaler.com/blogs/research/hacking-team-leak-flash-0day-exploit-payloads-and-more
http://www.zdnet.com/article/adobe-promises-patch-for-latest-wave-of-critical-hacking-team-zero-day-...
http://securityaffairs.co/wordpress/38518/cyber-crime/hacking-team-new-0zero.html
Two remote code execution vulnerabilities in Adobe Flash Player
CVE-2015-5122
тАЬUse-after-freeтАЭ error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error in the ActionScript 3 opaqueBackground class. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The exploit code was revealed after Hacking Team data leak. The exploit was used against Japanese organizations.
The vulnerability was reported by Dhanesh Kizhakkinan of FireEye as well as Peter Pi of TrendMicro.
Software: Adobe Flash Player
Known/fameous malware:
Exploit kits: Angler EK - 2015-07-11 Neutrino - 2015-07-13 Nuclear Pack - 2015-07-14 RIG - 2015-07-14 Magnitude - 2015-07-15 NullHole - 2015-07-22 Spartan - 2015-09-11
The vulnerability was reported by Dhanesh Kizhakkinan of FireEye as well as Peter Pi of TrendMicro.
Links:
https://helpx.adobe.com/security/products/flash-player/apsa15-04.html
https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=28060
http://blog.trendmicro.com/trendlabs-security-intelligence/another-zero-day-vulnerability-arises-fro...
https://krebsonsecurity.com/2015/07/adobe-to-fix-another-hacking-team-zero-day/
https://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html
http://www.hackingtutorials.org/metasploit-tutorials/metasploit-cve-2015-5122-flash-exploit-tutorial...
http://securityaffairs.co/wordpress/38531/cyber-crime/hacking-team-2-flash-0day.html
http://www.theregister.co.uk/2015/07/12/adobe_flash_zero_day_cve_2015_5122/
http://researchcenter.paloaltonetworks.com/2015/07/watering-hole-attack-on-aerospace-firm-exploits-c...
https://arstechnica.com/security/2015/07/two-new-flash-exploits-surface-from-hacking-team-combine-wi...
https://www.tripwire.com/state-of-security/vulnerability-management/another-zero-day-flash-exploit-r...
https://www.scmagazine.com/researchers-report-flash-player-zero-day-bugs-after-hacking-team-leaks/ar...
http://www.zdnet.com/article/adobe-promises-patch-for-latest-wave-of-critical-hacking-team-zero-day-...
Remote code execution in Adobe Flash Player
CVE-2015-5119
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The exploit code was revealed after Hacking Team data leak. Was also used in phishing campaigns conducted by two Chinese advanced persistent threat (APT) groups: APT3 and APT18.
The vulnerability was reported by Google Project Zero and Morgan Marquis-Boire.
Software: Adobe Flash Player
The vulnerability was reported by Google Project Zero and Morgan Marquis-Boire.
Links:
https://helpx.adobe.com/security/products/flash-player/apsb15-16.html
https://helpx.adobe.com/security/products/flash-player/apsa15-03.html
http://securityaffairs.co/wordpress/38707/cyber-crime/phishing-cve-2015-5119.html
https://www.zscaler.com/blogs/research/adobe-flash-vulnerability-cve-2015-5119-analysis
https://www.fireeye.com/blog/threat-research/2015/07/demonstrating_hustle.html
http://www.bankinfosecurity.com/zero-day-exploit-alert-flash-java-a-8396
https://www.zscaler.com/blogs/research/adobe-flash-vulnerability-cve-2015-5119-analysis
https://www.trustwave.com/Resources/SpiderLabs-Blog/A-Flash-Exploit-(CVE-2015-5119)-From-the-Hacking...
http://null-byte.wonderhowto.com/how-to/hack-like-pro-use-hacking-teams-adobe-flash-exploit-0163051/
http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-flash-zero-day-integrated-in...
https://krebsonsecurity.com/2015/07/adobe-to-patch-hacking-teams-flash-zero-day/#more-31458
https://blog.malwarebytes.com/threat-analysis/2015/07/hacking-team-leak-exposes-new-flash-zero-day/
https://www.scmagazine.com/adobe-fixes-flash-player-zero-day-bug-identified-in-hacking-team-leak/art...
Remote code execution in Adobe Flash Player
CVE-2015-3113
Heap-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Exploited by a China-based cyberespionage group. Operation Clandestine Wolf тАУ Adobe Flash Zero-Day in APT3 Phishing Campaign.
Software: Adobe Flash Player
Known/fameous malware:
Magnitude exploit kit.
Links:
https://helpx.adobe.com/security/products/flash-player/apsb15-14.html
https://hitmanpro.wordpress.com/2015/07/02/how-apt3-evaded-anti-exploits-with-cve-2015-3113/
https://nakedsecurity.sophos.com/2015/06/29/latest-flash-hole-already-exploited-ransomware/
http://securityaffairs.co/wordpress/38044/cyber-crime/adobe-fixed-cve-2015-3113.html
http://www.securityweek.com/adobe-flash-player-zero-day-exploited-attack-campaign
http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-zero-day-shares-same-root-cause...
http://www.computerweekly.com/news/4500248673/Adobe-patches-Flash-Player-vulnerability-CVE-2015-3113
http://researchcenter.paloaltonetworks.com/2015/07/ups-observations-on-cve-2015-3113-prior-zero-days...
https://arstechnica.com/security/2015/06/patch-early-patch-often-adobe-pushes-emergency-fix-for-acti...
http://www.pcworld.com/article/2939552/adobe-patches-zeroday-flash-player-flaw-used-in-targeted-atta...
http://www.techtimes.com/articles/63254/20150624/adobe-releases-patch-to-plug-flash-players-zero-day...
https://www.recordedfuture.com/use-cases/vulnerability-identification/
http://www.theregister.co.uk/2015/06/29/ransomware_exploit_kit_slinger_exploits_flash_remote_code_ex...
http://www.computerworlduk.com/security/cybercriminals-pounce-on-serious-flash-zero-day-flaw-3618019..
Multiple vulnerabilities in Adobe Flash Player
CVE-2015-3043
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Attackers exploited the vulnerabilities together to attack a government entity to and steal politically sensitive data that is a known target of the Russian group (APT campaign).
Software: Adobe Flash Player
Links:
https://helpx.adobe.com/security/products/flash-player/apsb15-06.html http://resources.infosecinstitute.com/the-shadow-of-the-russian-cyber-army-behind-the-2016-president...
https://krebsonsecurity.com/2015/04/critical-updates-for-windows-flash-java/#more-30672
http://www.securityweek.com/russia-linked-hackers-used-two-zero-days-recent-targeted-attack-fireeye
http://www.zdnet.com/article/russian-hackers-exploit-flash-windows-flaws-to-spy-on-diplomat-targets/
https://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html
http://www.eweek.com/security/russian-based-attackers-use-two-zero-days-in-one-attack.html
http://securityaffairs.co/wordpress/36105/cyber-crime/apt28-russian-hackers.html
https://www.advancedbusinesssolutions.com/blog/curated-content/russian-hackers-use-flash-windows-zer...
https://www.infosecurity-magazine.com/news/apt28-back-russiandoll-attack/
Multiple vulnerabilities in Adobe Flash Player
CVE-2015-0313
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The vulnerability was used during malwertising campaign against visitors of dailymotion.com.
Software: Adobe Flash Player
Known/fameous malware:
SWF_EXPLOIT.MJST
Hanjuan Exploit Kit
Links:
https://helpx.adobe.com/security/products/flash-player/apsa15-02.html
https://helpx.adobe.com/security/products/flash-player/apsb15-04.html
http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-new-adobe-flash-zer...
http://www.securityweek.com/adobe-prepares-patch-another-critical-flash-player-vulnerability
https://krebsonsecurity.com/2015/02/yet-another-flash-patch-fixes-zero-day-flaw/#more-29724
http://www.greatsoftline.com/another-critical-zero-day-vulnerability-in-adobe-flash-player/
https://nakedsecurity.sophos.com/2015/02/03/news-flash-3rd-time-newunlucky-0-day-hits-adobes-browser...
https://www.recordedfuture.com/top-vulnerabilities-2015/
http://www.networkworld.com/article/3003176/security/8-of-top-10-vulnerabilities-used-by-exploit-kit...
http://www.itnews.com.au/news/hackers-target-third-new-zero-day-for-adobe-flash-399960
http://researchcenter.paloaltonetworks.com/2015/02/palo-alto-networks-traps-protects-enterprises-zer...
http://www.fin24.com/Tech/News/Hackers-target-Adobe-Flash-again-20150205
https://arstechnica.com/security/2015/02/as-flash-0day-exploits-reach-new-level-of-meanness-what-are...
http://www.techtimes.com/articles/30925/20150206/adobe-releases-patch-for-dangerous-flash-player-zer...
http://www.darkreading.com/new-adobe-flash-0-day-used-in-malvertising-campaign/d/d-id/1318900
https://philipcao.com/2015/02/04/palo-alto-networks-traps-protects-enterprises-from-zero-day-cve-201...
https://betanews.com/2015/02/02/surprise-adobe-flash-has-a-security-flaw-on-windows-mac-and-linux/
Remote code execution in Adobe Flash Player
CVE-2015-0311
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The vulnerability was discovered by French security researcher тАЬKafeineтАЭ.
It was actively being exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below. It was used by Angler EK and infected at least 1,800 known domains.
Software: Adobe Flash Player
Known/fameous malware:
SWF/Exploit.CVE-2015-0311.N(2)
Trojan.Swifi (Symantec)
Angler EK
It was actively being exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below. It was used by Angler EK and infected at least 1,800 known domains.
Links:
https://helpx.adobe.com/security/products/flash-player/apsb15-03.html
http://blog.trendmicro.com/trendlabs-security-intelligence/os-x-zero-days-on-the-rise-a-2015-midyear...
http://blog.trendmicro.com/trendlabs-security-intelligence/analyzing-cve-2015-0311-flash-zero-day-vu...
http://researchcenter.paloaltonetworks.com/2015/01/unpatched-flash-vulnerability-cve-2015-0311-block...
http://securityaffairs.co/wordpress/32687/security/adobe-fix-cve-2015-0311-0day.html
http://www.kamnet.com/adobe-flash-player-vulnerability-cve-2015-0311/
http://www.criticalwatch.com/faqs/zero-day-vulnerability-in-adobe-flash/
http://www.free-remove-spyware.com/post/Cannot-Remove-SWFExploit.CVE-2015-0311.N2-SWFExploit.CVE-201...
http://www.securityweek.com/adobe-fixes-second-flash-player-zero-day-vulnerability
http://www.pcworld.com/article/2878792/flash-player-plagued-by-third-zeroday-flaw-in-a-month-updates...
Security bypass in Adobe Flash Player
CVE-2015-0310
Security bypass
The vulnerability allows a remote attacker to circumvent memory address randomization on the target system.
The weakness exists due to memory leak error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption, bypass memory address randomization on the Windows platform and obtain sensitive information.
Note: the vulnerability was being actively exploited.
The vulnerability was discovered and reported by security researcher Kafeine.
The vulnerability was used in attacks against older versions of Flash Player.
Software: Adobe Flash Player
Known/fameous malware:
Angler EK.
The vulnerability was used in attacks against older versions of Flash Player.
Links:
https://helpx.adobe.com/security/products/flash-player/apsb15-02.html
https://ae.norton.com/security_response/writeup.jsp?docid=2015-021009-2659-99
https://www.beyondtrust.com/blog/adobe-patches-zero-day-flaw-being-exploited-in-the-wild/
https://www.intego.com/mac-security-blog/flash-player-0day-vulnerability-jolts-rushed-update/
http://www.pcworld.com/article/2874172/adobe-fixes-just-one-of-two-actively-exploited-zeroday-vulner...
http://www.eweek.com/security/new-zero-day-exploit-adds-to-adobe-flash-security-woes.html
Multiple vulnerabilities in Adobe Flash Player
CVE-2014-9163
Stack-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to stack-based buffer overflow when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The vulnerability was discovered by the researcher тАШbilouтАЩ, who reported the bug through HPтАЩs Zero Day Initiative (ZDI).
Has been used in a watering hole attack against US Defense and Financial Services firms, where it was hosted on the compromised Forbes.com website.
Software: Adobe Flash Player
Known/fameous malware:
Trojan.Win32.Bergard.A.
Has been used in a watering hole attack against US Defense and Financial Services firms, where it was hosted on the compromised Forbes.com website.
Links:
https://helpx.adobe.com/security/products/flash-player/apsb14-27.html
https://www.symantec.com/security_response/writeup.jsp?docid=2015-011509-4745-99
http://www.securityweek.com/adobe-patches-flash-player-vulnerability-exploited-wild
http://news.softpedia.com/news/Chinese-Hackers-Target-Forbes-com-In-Watering-Hole-Attack-472871.shtm...
http://www.cso.com.au/article/562228/adobe-patches-flash-zero-day-under-attack/
http://blog.malcovery.com/forbes.com-adobe-flash-player-and-your-email
http://securityaffairs.co/wordpress/33417/cyber-crime/chinese-hackers-hit-forbes.html
https://arstechnica.com/security/2015/02/pwned-in-7-seconds-hackers-use-flash-and-ie-to-target-forbe...
Multiple vulnerabilities in Adobe Flash Player
CVE-2014-8439
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
An Adobe Flash vulnerability was discovered in October and promptly patched. The exploits in the Nuclear and Angler kits were detected by the French researcher Kafeine shortly after the company released an update on Oct.14. Despite a patch on 14, October 2014, the vulnerability was not completely mitigated. The vulnerability was patched again in November, 25.
Software: Adobe Flash Player
Known/fameous malware:
Troj/SWFExp-CD.
Exploit kits: Angler, Nuclear, and Astrum.
Links:
https://helpx.adobe.com/security/products/flash-player/apsb14-22.html
https://helpx.adobe.com/security/products/flash-player/apsb14-26.html
https://blogs.technet.microsoft.com/mmpc/2014/12/02/an-interesting-case-of-the-cve-2014-8439-exploit...
http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2014-8439-vulnerability-trend-micro-s...
http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2014-8439-vulnerability-trend-micro-s...
https://www.fireeye.com/blog/threat-research/2015/01/a_different_exploit.html
https://nakedsecurity.sophos.com/2014/11/28/adobe-publishes-out-of-band-flash-update-booster-dose-fo...
http://www.pcworld.com/article/2852412/adobe-tries-again-to-fix-flash-vulnerability.html
http://www.techtimes.com/articles/20976/20141126/adobe-releases-patch-to-re-fix-flash-player-vulnera...
Remote code execution in Adobe Acrobat and Adobe Reader
CVE-2014-0546
Security bypass
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to improper input validation when processing .pdf files. A remote attacker can create a specially crafted file, trick the victim into opening it, bypass sandbox restrictions and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The vulnerability was discovered by Costin Raiu and Vitaly Kamluk of Kaspersky Labs.
Exploited by Animal Farm group.
Software: Adobe Reader
Exploited by Animal Farm group.
Links:
https://helpx.adobe.com/security/products/reader/apsb14-19.html
https://www.symantec.com/security_response/vulnerability.jsp?bid=69193
https://www.symantec.com/security_response/writeup.jsp?docid=2014-082218-1438-99
http://securityaffairs.co/wordpress/27535/cyber-crime/cve-2014-0546-adobe-flaw.html
http://zerosecurity.org/2014/08/cve-2014-0546-found-utilized-small-targeted-attacks
http://www.securityweek.com/adobe-patches-security-flaw-leveraged-targeted-attacks
https://heatsoftware.com/blog/9286/urgent-adobe-users-told-to-patch-reader-and-acrobat-against-zero-...
http://www.burningflameinteractive.com/aj-burning-flame-blog/adobe-patches-zero-day-vulnerability
Remote code execution in Adobe Flash Player
CVE-2014-0515
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to buffer overflow, caused by improper bounds checking by the pixel bender component. A remote attacker can create a specially crafted SWF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
A sample of the first exploit was detected on April 14, while a sample of the second came on April 16. The first exploit was initially recorded by KSN on April 9, when it was detected by a generic heuristic signature.
The disclosed vulnerability was actively exploited and relates to attack via the website of Syrian Ministry of Justice in September, 2013.
Software: Adobe Flash Player
Known/fameous malware:
Exploit:SWF/CVE-2014-0515
The disclosed vulnerability was actively exploited and relates to attack via the website of Syrian Ministry of Justice in September, 2013.
Links:
https://helpx.adobe.com/security/products/flash-player/apsb14-13.html
https://securelist.com/blog/incidents/59399/new-flash-player-0-day-cve-2014-0515-used-in-watering-ho...
http://blog.trendmicro.com/trendlabs-security-intelligence/analyzing-cve-2014-0515-the-recent-flash-...
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27555
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27552
https://www.zscaler.com/blogs/research/nuclear-exploit-kit-and-flash-cve-2014-0515
http://54.204.81.18/news/stories/39397-blog-new-flash-player-0-day-cve-2014-0515-used-in-watering-ho...
http://www.securityweek.com/adobe-patches-flash-player-zero-day-used-watering-hole-attacks
https://krebsonsecurity.com/2014/04/adobe-update-nixes-flash-player-zero-day/#more-25786
Multiple vulnerabilities in Adobe Flash Player
CVE-2014-0502
Double free
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to double free error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Wen Guanxing of Venustech, The Google Security Team and FireEye were working at the vulnerability.
FireEye dubbed the attack exploiting the vulnerability "Operation GreedyWonk".
The vulnerability was exploited to compromise sites of:
- Peterson Institute for International
- Economics American Research Center in Egypt
- Smith Richardson Foundation
Software: Adobe Flash Player
Known/fameous malware:
Elderwood exploit kit.
FireEye dubbed the attack exploiting the vulnerability "Operation GreedyWonk".
The vulnerability was exploited to compromise sites of:
- Peterson Institute for International
- Economics American Research Center in Egypt
- Smith Richardson Foundation
Links:
https://helpx.adobe.com/security/products/flash-player/apsb14-07.html
https://www.alienvault.com/blogs/labs-research/analysis-of-an-attack-exploiting-the-adobe-zero-day-c...
https://www.trustwave.com/Resources/SpiderLabs-Blog/Deep-Analysis-of-CVE-2014-0502-%E2%80%93-A-Doubl...
https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=655
https://volatility-labs.blogspot.com/2014/04/building-decoder-for-cve-2014-0502.html
https://blog.threattrack.com/adobe-exploit-cve-2014-0502/
http://www.benhayak.com/2014/05/deep-analysis-of-cve-2014-0502-double.html
http://www.welivesecurity.com/2014/10/31/two-recently-patched-adobe-flash-vulnerabilities-now-used-e...
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27443
http://www.theregister.co.uk/2014/02/20/flash_adobe_posts_emergency_fix/
https://nakedsecurity.sophos.com/2014/02/21/adobe-pushes-out-critical-flash-update-second-zero-day-h...
http://dailyleet.com/how-the-elderwood-platform-is-fueling-2014s-zero-day-attacks/
https://www.scmagazineuk.com/chinese-spies-launch-new-adobe-zero-day-attack/article/541288/
http://arstechnica.com/security/2014/02/adobe-releases-emergency-flash-update-amid-new-zero-day-driv...
Remote code execution in Adobe Flash Player
CVE-2014-0497
Integer underflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to integer underflow when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Exploited by DarkHotel APT.
The vulnerability survived for 84 days after update in November 2013.
Software: Adobe Flash Player
The vulnerability survived for 84 days after update in November 2013.
Links:
https://helpx.adobe.com/security/products/flash-player/apsb14-04.html
https://securingtomorrow.mcafee.com/mcafee-labs/flash-zero-day-vulnerability-cve-2014-0497-lasts-84-...
https://blogs.technet.microsoft.com/mmpc/2014/02/17/a-journey-to-cve-2014-0497-exploit/
https://www.fireeye.com/blog/threat-research/2015/03/flash_in_2015.html
http://securityaffairs.co/wordpress/21937/cyber-crime/adobe-flash-player-fixed.html
https://business.kaspersky.com/darkhotel-hackingteam/4357/
Two remote code execution vulnerabilities in Adobe Flash Player
CVE-2013-5331
Type confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to type confusion error. A remote attacker can create a specially crafted Web site or . swf file, trick the victim into visiting it and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The vulnerability was reported by Adobe as being exploited in the wild. The attackers used Microsoft Word documents with embedded malicious Flash (.swf) content.
Software: Adobe Flash Player
Known/fameous malware:
Troj/SWFExp-CH (Sophos)
Trojan horse Exploit_c.YZX (AVG)
Exploit.Win32.CVE-2013 (Ikarus)
HEUR:Exploit.SWF.CVE-2013-5331.a (Kaspersky)
Exploit:Win32/CVE-2013-5331 (Microsoft)
SWF/Exploit.CVE-2013-5331.A trojan (Eset)
Trojan.Mdropper (Symantec)
Links:
https://helpx.adobe.com/security/products/flash-player/apsb13-28.html
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27558
http://eromang.zataz.com/2015/12/24/cve-2013-5331-adobe-flash-player-type-confusion-remote-code-exec...
http://blog.malwaretracker.com/2014/01/cve-2013-5331-evaded-av-by-using.html
http://eromang.zataz.com/2015/12/24/cve-2013-5331-adobe-flash-player-type-confusion-remote-code-exec...
http://freerepairwindowserrors.com/spytips/Guide-to-Remove-SWFExploit.CVE-2013-5331.A_16_203811.html
Directory traversal in Adobe ColdFusion
CVE-2013-3336
Directory traversal
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.The weakness exists due to improper validation of the user-supplied input. A remote attacker can create specially crafted HTTP request containing "dot dot" sequences (/../) and view contents of arbitrary files on vulnerable system.
Successful exploitation of the vulnerability may allow an attacker to obtain potentially sensitive information and compromise vulnerable system.
Note: the vulnerability was being actively exploited.
Software: ColdFusion
Links:
http://www.adobe.com/support/security/advisories/apsa13-03.html
http://www.computerworld.com/article/2497237/security0/adobe-warns-of-unpatched-critical-flaw-in-col...
http://mac-security.blogspot.com/2013/05/new-critical-adobe-security-updates.html
http://www.infosecurity-magazine.com/news/anonymous-said-to-be-exploiting-coldfusion-in/
https://www.corero.com/resources/files/security_advisories/advisory_CNS_IPS_Microsoft_Adobe_ColdFusi...
http://www.securityweek.com/server-washington-state-courts-office-hacked-sensitive-data-exposed
https://www.sophos.com/en-us/threat-center/threat-analyses/vulnerabilities/VET-000492.aspx
Multiple vulnerabilities in Adobe Flash Player
CVE-2013-0648
Arbitrary code execution
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to an error in the ExternalInterface ActionScript feature. A remote attacker can create specially crafted Web site serving malicious Flash (SWF) content, trick the victim into visiting it and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Software: Adobe Flash Player
Links:
https://www.adobe.com/support/security/bulletins/apsb13-08.html
https://www.intego.com/mac-security-blog/adobe-squashes-two-exploits-in-the-wild-designed-to-target-...
http://www.computerworlduk.com/it-vendors/new-emergency-flash-update-as-hackers-hit-firefox-3428746/
https://blog.basefarm.com/blog/security-updates-available-for-adobe-flash-player-apsb13-08/
http://doa.alaska.gov/ets/security/S_Advisory/sa2013-023.pdf
http://www.macworld.co.uk/news/apple/adobe-springs-emergency-flash-update-says-hackers-hitting-firef...
https://www.auscert.org.au/render.html?it=17093
http://www.totalsofttech.com.ph/adobe-springs-emergency-flash-update-says-hackers-hitting-firefox/
http://krebsonsecurity.com/tag/cve-2013-0648/
http://www.theregister.co.uk/2013/02/27/adobe_issues_two_critical_flash_vuln_patches/
Multiple vulnerabilities in Adobe Flash Player
CVE-2013-0643
Arbitrary code execution
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to an error when handling permissions of the Flash Player Firefox sandbox. A remote attacker can create specially crafted Web site serving malicious Flash (SWF) content, trick the victim into visiting it, bypass the sandbox restrictions and execute arbitrary code outside the sandbox with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Software: Adobe Flash Player
Links:
http://www.adobe.com/support/security/bulletins/apsb13-08.html
http://doa.alaska.gov/ets/security/S_Advisory/sa2013-023.pdf
https://krebsonsecurity.com/2013/02/flash-player-update-fixes-zero-day-flaws/#more-19186
http://www.techworld.com/news/security/adobe-pushes-out-emergency-flash-update-as-hackers-hit-firefo...
https://www.scmagazine.com/adobe-hurries-update-to-fix-flash-zero-day-vulnerabilities/article/542241...
http://www.computerworld.com/article/2495576/malware-vulnerabilities/adobe-springs-emergency-flash-u...
http://www.theregister.co.uk/2013/02/27/adobe_issues_two_critical_flash_vuln_patches/
https://blog.qualys.com/laws-of-vulnerabilities/2013/02
Two remote code execution vulnerabilities in Adobe Acrobat and Adobe Reader
CVE-2013-0641
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to buffer overflow when handling malicious files. A remote attacker can create specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The sandbox vulnerability was dubbed as "666" by FireEye. CVE-2013-0640 and CVE-2013-0641 have been exploited in MiniDuke, Zegost, PlugX Malware Campaign attacks.
Software: Adobe Reader
Links:
https://www.fireeye.com/blog/threat-research/2013/02/its-a-kind-of-magic-1.html
http://www.adobe.com/support/security/advisories/apsa13-02.html
http://www.adobe.com/support/security/bulletins/apsb13-07.html
http://blog.trendmicro.com/trendlabs-security-intelligence/zero-day-vulnerability-hits-adobe-reader/
https://www.symantec.com/security_response/vulnerability.jsp?bid=57947
http://blog.opensecurityresearch.com/2013/10/analysis-of-malware-rop-chain.html
http://hooked-on-mnemonics.blogspot.com/2013/02/detecting-pdf-js-obfuscation-using.html
https://nakedsecurity.sophos.com/2013/02/14/no-patch-yet-for-pdf-exploits/
https://access.redhat.com/security/cve/cve-2013-0641
http://www.securityweek.com/latest-adobe-zero-day-serious-business-attackers-escape-adobe-reader-san...
https://www.slashgear.com/adobe-says-acrobat-and-reader-vulnerabilities-exploited-with-malicious-pdf...
http://www.pcworld.com/article/2028603/adobe-readies-emergency-patches-for-reader-acrobat.html
http://www.eweek.com/security/adobe-issues-reader-acrobat-security-updates-to-stave-off-attacks
https://securingtomorrow.mcafee.com/mcafee-labs/emerging-stack-pivoting-exploits-bypass-common-secur...
https://www.fireeye.jp/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-zero-day-attacks-in...
Two remote code execution vulnerabilities in Adobe Acrobat and Adobe Reader
CVE-2013-0640
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to boundary error when handling malicious files. A remote attacker can create specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The sandbox vulnerability was dubbed as "666" by FireEye. CVE-2013-0640 and CVE-2013-0641 have been exploited in MiniDuke, Zegost, PlugX Malware Campaign attacks.
Software: Adobe Reader
Links:
https://www.fireeye.com/blog/threat-research/2013/02/its-a-kind-of-magic-1.html
http://www.adobe.com/support/security/advisories/apsa13-02.html
http://www.adobe.com/support/security/bulletins/apsb13-07.html
http://www.kb.cert.org/vuls/id/422807
https://labs.portcullis.co.uk/blog/cve-2013-0640-adobe-reader-xfa-oneofchild-un-initialized-memory-v...
http://www.enigmasoftware.com/pdf-cve20130640-vulnerability-exploited-miniduke-zegost-plugx/
http://blog.trendmicro.com/trendlabs-security-intelligence/zero-day-vulnerability-hits-adobe-reader/
http://blog.opensecurityresearch.com/2013/10/analysis-of-malware-rop-chain.html
https://securelist.com/blog/incidents/31112/the-miniduke-mystery-pdf-0-day-government-spy-assembler-...
http://vinsula.com/2013/04/17/cve-2013-0640-adobe-pdf-zero-day-malware/
Two remote code execution vulnerabilities in Adobe Flash Player
CVE-2013-0634
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to boundary error in Flash Player for Firefox. A remote attacker can create specially crafted .swf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The vulnerability was discovered by Shadowserver Foundation.
The exploit was used in a cyber espionage campaign dubbed тАЬLadyBoyle".
Software: Adobe Flash Player
The exploit was used in a cyber espionage campaign dubbed тАЬLadyBoyle".
Links:
http://www.adobe.com/support/security/bulletins/apsb13-04.html
https://www.invincea.com/2013/02/exploit-down-analysis-and-protection-against-adobe-flash-exploit-cv...
http://blog.malwaremustdie.org/2013/02/cve-2013-0634-this-ladyboyle-is-not.html
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=26455
http://www.enigmasoftware.com/exploitswfcve20130634a-removal/
https://www.fireeye.com/blog/threat-research/2013/02/lady-boyle-comes-to-town-with-a-new-exploit.htm...
https://vulners.com/metasploit/MSF:EXPLOIT/WINDOWS/BROWSER/ADOBE_FLASH_REGEX_VALUE
https://www.intego.com/mac-security-blog/adobe-resolves-flash-player-flaws-being-exploited-in-the-wi...
http://www.spywareremove.com/removeexploitswfcve20130634a.html
https://eromang.zataz.com/2013/02/26/gong-da-gondad-exploit-pack-add-flash-cve-2013-0634-support/
https://krebsonsecurity.com/tag/cve-2013-0634/
http://www.infoworld.com/article/2613576/security/adobe-blames-na-ve-office-users-for-latest-flash-p...
https://nakedsecurity.sophos.com/2013/02/08/adobe-patches-flash-heads-off-attacks-on-windows-and-app...
https://www.intego.com/mac-security-blog/two-adobe-vulnerabilities-attacked-in-the-wild-now-patched/
https://www.invincea.com/2013/02/exploit-down-analysis-and-protection-against-adobe-flash-exploit-cv...
http://www.securityweek.com/adobe-patches-flash-player-against-active-attacks
https://www.fireeye.jp/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-zero-day-attacks-in...
Two remote code execution vulnerabilities in Adobe Flash Player
CVE-2013-0633
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to buffer overflow in ActiveX version of Flash Player. A remote attacker can create specially crafted .swf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The vulnerability was reported to Adobe by Sergey Golovanov and Alexander Polyakov of Kaspersky.
The vulnerability was being used in a series of targeted attacks mostly against human rights activists and political dissidents from Africa and the Middle East.
Software: Adobe Flash Player
Known/fameous malware:
Exploit: SWF/CVE-2013-0633.
The vulnerability was being used in a series of targeted attacks mostly against human rights activists and political dissidents from Africa and the Middle East.
Links:
http://www.adobe.com/support/security/bulletins/apsb13-04.html
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=26453
https://www.symantec.com/security_response/vulnerability.jsp?bid=57788
http://krebsonsecurity.com/tag/cve-2013-0633/
https://www.fireeye.com/blog/threat-research/2013/02/lady-boyle-comes-to-town-with-a-new-exploit.htm...
https://eromang.zataz.com/2013/02/26/gong-da-gondad-exploit-pack-add-flash-cve-2013-0634-support/
http://www.kaspersky.com/au/about/news/virus/2013/Kaspersky_Lab_Experts_Credited_for_Identifying_and...
https://securelist.com/blog/research/64215/adobe-flash-player-0-day-and-hackingteams-remote-control-...
http://www.pcworld.com/article/2027916/researchers-surveillance-malware-distributed-via-flash-player-exploit.html
http://www.infoworld.com/article/2613576/security/adobe-blames-na-ve-office-users-for-latest-flash-p...
https://securityledger.com/2013/02/adobe-pushes-fix-for-flash-player-cites-attacks-on-windows-mac-an...
https://www.intego.com/mac-security-blog/two-adobe-vulnerabilities-attacked-in-the-wild-now-patched/
http://www.pcadvisor.co.uk/feature/security/adobe-releases-emergency-flash-fixes-for-two-zero-day-bu...
Multiple vulnerabilities in Adobe ColdFusion
CVE-2013-0625
Authentication bypass
The vulnerability allows a remote attacker to bypass authentication and execute arbitrary code on the target system.
The vulnerability exists due to improper authentication, when password is not configured. A remote unauthenticated attacker can bypass authentication process and execute arbitrary code on the target system.
Note: the vulnerability was being actively exploited.
Software: ColdFusion
Links:
http://www.adobe.com/support/security/bulletins/apsb13-03.html
http://www.adobe.com/support/security/advisories/apsa13-01.html
http://eyeonforensics.blogspot.com/2013/03/a-cold-day-in-e-commerce-guest-post.html
http://doa.alaska.gov/ets/security/S_Advisory/SA2013-093.pdf
http://blogs.coldfusion.com/assets/content/security/Security%20Best%20Practices%20for%20ColdFusion.p...
http://www.securityweek.com/adobe-warns-attacks-exploiting-coldfusion-vulnerabilities-fix-coming
http://www.livehacking.com/category/vulnerability/adobe/
http://www.pcworld.com/article/2025406/adobe-patches-actively-exploited-coldfusion-vulnerabilities.h...
http://www.itworld.com/article/2714589/security/adobe-warns-of-actively-exploited-coldfusion-flaws.h...
http://www.computerworld.com/article/2494475/malware-vulnerabilities/adobe-warns-of-actively-exploit...
http://www.mis-asia.com/tech/security/adobe-warns-of-actively-exploited-coldfusion-flaws/
Multiple vulnerabilities in Adobe ColdFusion
CVE-2013-0629
Authentication bypass
The vulnerability allows a remote attacker to bypass authentication.
The vulnerability exists due to an error in authentication process, when a password is not configured. A remote unauthenticated attacker can gain unauthorized access to restricted directories.
Successful exploitation of this vulnerability results in unauthorized gaining access to the directories.
Note: the vulnerability was being actively exploited.Software: ColdFusion
Links:
http://www.adobe.com/support/security/bulletins/apsb13-03.html
http://www.adobe.com/support/security/advisories/apsa13-01.html
https://www.acunetix.com/vulnerabilities/web/adobe-coldfusion-9-administrative-login-bypass
http://eyeonforensics.blogspot.com/2013/03/a-cold-day-in-e-commerce-guest-post.html
http://doa.alaska.gov/ets/security/S_Advisory/SA2013-093.pdf
http://blogs.coldfusion.com/assets/content/security/Security%20Best%20Practices%20for%20ColdFusion.pdf
http://www.securityweek.com/adobe-warns-attacks-exploiting-coldfusion-vulnerabilities-fix-coming
http://www.livehacking.com/category/vulnerability/adobe/
http://www.pcworld.com/article/2025406/adobe-patches-actively-exploited-coldfusion-vulnerabilities.html
http://www.itworld.com/article/2714589/security/adobe-warns-of-actively-exploited-coldfusion-flaws.html
http://www.computerworld.com/article/2494475/malware-vulnerabilities/adobe-warns-of-actively-exploited-coldfusion-flaws.html
http://www.mis-asia.com/tech/security/adobe-warns-of-actively-exploited-coldfusion-flaws/
https://www.trustwave.com/Resources/SpiderLabs-Blog/The-Curious-Case-of-the-Malicious-IIS-Module--Pr...
http://blogs.elis.org/isa/attackers-exploited-coldfusion-vulnerability-to-install-microsoft-iis-malw...
Multiple vulnerabilities in Adobe ColdFusion
CVE-2013-0631
Information disclosure
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.The weakness exists due to improper access control. A remote attacker can gain access to important data.
Note: the vulnerability was being actively exploited.
Software: ColdFusion
Links:
http://www.adobe.com/support/security/bulletins/apsb13-03.html
http://www.adobe.com/support/security/advisories/apsa13-01.html
https://www.acunetix.com/vulnerabilities/web/adobe-coldfusion-9-administrative-login-bypass
http://eyeonforensics.blogspot.com/2013/03/a-cold-day-in-e-commerce-guest-post.html
http://doa.alaska.gov/ets/security/S_Advisory/SA2013-093.pdf
http://www.securityweek.com/adobe-warns-attacks-exploiting-coldfusion-vulnerabilities-fix-coming
http://www.livehacking.com/category/vulnerability/adobe/
http://www.pcworld.com/article/2025406/adobe-patches-actively-exploited-coldfusion-vulnerabilities.h...
http://www.itworld.com/article/2714589/security/adobe-warns-of-actively-exploited-coldfusion-flaws.h...
http://www.computerworld.com/article/2494475/malware-vulnerabilities/adobe-warns-of-actively-exploit...
http://www.mis-asia.com/tech/security/adobe-warns-of-actively-exploited-coldfusion-flaws/
http://energy.gov/cio/articles/v-063-adobe-coldfusion-bugs-let-remote-users-gain-access-and-obtain-i...
Multiple vulnerabilities in Adobe ColdFusion
CVE-2013-0632
Authentication bypass
The vulnerability allows a remote attacker to bypass authentication and gain unauthorized access to vulnerable system.
The vulnerability exists due to an error within administrator.cfc. A remote unauthenticated attacker can access Adobe ColdFusion application using a default empty password, login to the RDS component and leverage this session to access administrative web interface.
Successful exploitation of this vulnerability results in unauthorized access to Adobe ColdFusion.
Note: the vulnerability was being actively exploited.The vulnerability was used to compromise website of the Washington state Administrative Office of the Courts (AOC).
Software: ColdFusion
Links:
http://www.adobe.com/support/security/advisories/apsa13-01.html
http://www.adobe.com/support/security/bulletins/apsb13-03.html
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=27201
https://www.acunetix.com/vulnerabilities/web/adobe-coldfusion-9-administrative-login-bypass
https://vulners.com/metasploit/MSF:EXPLOIT/MULTI/HTTP/COLDFUSION_RDS
http://www.livehacking.com/category/vulnerability/adobe/
http://www.pcworld.com/article/2025406/adobe-patches-actively-exploited-coldfusion-vulnerabilities.h...
http://www.carehart.org/blog/client/index.cfm/2013/1/2/Part2_serious_security_threat
https://www.scmagazine.com/weakness-in-adobe-coldfusion-allowed-court-hackers-access-to-160k-ssns/ar...
http://www.itnews.com.au/news/a-million-drivers-licenses-possibly-stolen-via-coldfusion-hole-342953
http://krebsonsecurity.com/tag/amcrin/
Remote code execution in Adobe Flash Player
CVE-2012-1535
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to boundary error when parsing malicious files. A remote attacker can create a specially crafted Flash (.swf) file embedded in a Microsoft Word (.doc) file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The vulnerability was reported by Alexander Gavrun. The exploit was used by Aurora Group.
Software: Adobe Flash Player
Known/fameous malware:
Exploit:SWF/CVE-2012-1535.A.
Links:
https://lists.opensuse.org/opensuse-security-announce/2012-08/msg00010.html
http://www.adobe.com/support/security/bulletins/apsb12-18.html
https://blogs.technet.microsoft.com/mmpc/2012/08/28/a-technical-analysis-on-cve-2012-1535-adobe-flas...
https://www.symantec.com/connect/blogs/cve-2012-1535-adobe-flash-player-vulnerability-exploited-mult...
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=25878
https://www.f-secure.com/en/web/labs_global/cve-2012-1535
http://contagiodump.blogspot.co.uk/2012/08/cve-2012-1535-samples-and-info.html
https://securingtomorrow.mcafee.com/mcafee-labs/adobe-flash-update-counters-cve-2012-1535/
http://blog.talosintel.com/2012/08/cve-2012-1535-flash-0-day-in-wild.html
http://www.digital4rensics.com/blog/2012/08/brief-osint-review-for-cve-2012-1535-attacks/
https://www.alienvault.com/blogs/labs-research/cve-2012-1535-adobe-flash-being-exploited-in-the-wild
http://www.ehackingnews.com/2012/08/cve-2012-1535-adobe-flash-player-exploit.html
http://thehackernews.com/2012/09/operation-aurora-other-zero-day-attacks.html
Remote code execution in Adobe Flash Player
CVE-2012-0779
Type Confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to object type confusion error when processing .swf files. A remote attacker can create a specially crafted .swf file, trick the victim into opening it and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
This vulnerability has been exploited in the wild as part of the "World Uyghur Congress Invitation.doc" e-mail attack.
Software: Adobe Flash Player
Known/fameous malware:
TROJ_SCRIPBRID.A; backdoor BKDR_INJECT.EVL.
Links:
https://www.adobe.com/support/security/bulletins/apsb12-09.html
http://contagiodump.blogspot.com/2012/05/may-3-cve-2012-0779-world-uyghur.html
https://www.symantec.com/connect/blogs/targeted-attacks-using-confusion-cve-2012-0779
http://blog.trendmicro.com/trendlabs-security-intelligence/recent-threats-highlight-vulnerabilities-...
https://krebsonsecurity.com/2012/05/critical-flash-update-fixes-zero-day-flaw/
https://www.alienvault.com/blogs/labs-research/several-targeted-attacks-exploiting-adobe-flash-playe...
https://blogs.technet.microsoft.com/mmpc/2012/05/24/a-technical-analysis-of-adobe-flash-player-cve-2...
http://blog.shadowserver.org/2012/05/15/cyber-espionage-strategic-web-compromises-trusted-websites-s...
https://www.reddit.com/r/netsec/comments/ta12k/several_targeted_attacks_exploiting_adobe_flash/
http://thehackernews.com/2012/09/operation-aurora-other-zero-day-attacks.html
http://www.securityweek.com/adobe-patches-zero-day-vulnerability-used-targeted-attacks
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=25718
Multiple vulnerabilities in Adobe Flash Player
CVE-2012-0767
Cross-site scripting
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.The vulnerability exists due to insufficient sanitization of user-input.A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in userтАЩs browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Note: the vulnerability was being actively exploited.
The vulnerability was used to target Webmail accounts.
Software: Adobe Flash Player
Links:
https://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.html
http://www.adobe.com/support/security/bulletins/apsb12-03.html
https://blog.fortinet.com/2012/02/17/fortinet-researchers-detect-eight-critical-adobe-flaws
https://www.cnet.com/forums/discussions/security-update-available-for-adobe-flash-player-apsb12-03-5...
http://www.zdnet.com/article/adobe-flash-player-xss-flaw-under-active-attack/
http://www.darkreading.com/attacks-breaches/flash-zero-day-used-in-targeted-email-attacks/d/d-id/113...
http://cert.europa.eu/static/SecurityAdvisories/CERT-EU-SA2012-0019.txt
Remote code execution in Adobe Acrobat and Adobe Reader
CVE-2011-4369
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to boundary error in the PRC component. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Software: Adobe Reader
Known/fameous malware:
EvilBunny
Links:
http://www.adobe.com/support/security/bulletins/apsb11-30.html
http://www.adobe.com/support/security/bulletins/apsb12-01.html
http://blog.9bplus.com/analyzing-cve-2011-4369-part-one/
https://www.redhat.com/archives/rhsa-announce/2012-January/msg00003.html
http://www.computerworld.com/article/2499997/security0/symantec-confirms-reader-exploits-targeted-de...
http://www.pcworld.com/article/246390/adobe_patches_two_actively_exploited_vulnerabilities_in_reader...
http://technology.ky.gov/COT%20Alerts/Adobe%20Remote%20Code%20Execution%20Vulnerabilities.pdf
http://www.theregister.co.uk/2011/12/17/adobe_reader_critical_update/
http://www.infosecurity-magazine.com/news/adobe-patches-critical-security-holes-in-reader/
http://www.hawaii.edu/technews/notice.php?id=187891
https://msisac.cisecurity.org/advisories/2011/2011-072b.cfm
Remote code execution in Adobe Acrobat and Adobe Reader
тАЛCVE-2011-2462
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to boundary error when handling Universal 3D (U3D) data. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
This 0-day vulnerability was discovered by Lockheed MartinтАЩs Computer Incident Response Team and was found that it is part of a targeted attack. The sample of the exploit analyzed by the researchers appears to come from BarclayтАЩs bank in New York City.
Software: Adobe Reader
Known/fameous malware:
Trojan Sykipot.
Links:
http://www.adobe.com/support/security/advisories/apsa11-04.html
https://www.adobe.com/support/security/bulletins/apsb11-30.html
http://contagiodump.blogspot.com/2011/12/adobe-zero-day-cve-2011-2462.html
https://securingtomorrow.mcafee.com/mcafee-labs/inside-adobe-reader-zero-day-exploit-cve-2011-2462/
https://eternal-todo.com/blog/cve-2011-2462-exploit-analysis-peepdf
http://www.trendmicro.com/vinfo/us/threat-encyclopedia/vulnerability/2366/vulnerability-in-u3d-compo...
http://blog.9bplus.com/analyzing-cve-2011-2462/
https://blogs.forcepoint.com/security-labs/adobe-reader-and-acrobat-vulnerability-cve-2011-2462
https://www.totaldefense.com/security-blog/new-zero-day-attack-in-adobe-products-cve-2011-2462
http://www.threatgeek.com/2011/12/adobe-reader-0-day-notes-cve-2011-2462.html
https://vulners.com/metasploit/MSF:EXPLOIT/WINDOWS/FILEFORMAT/ADOBE_READER_U3D
https://www.fireeye.com/blog/threat-research/2013/02/threat-actors-mandiant-apt1-report-spear-phishi...
https://nakedsecurity.sophos.com/2011/12/10/targeted-emails-exploit-new-acrobat-reader-vulnerability...
https://www.totaldefense.com/security-blog/new-zero-day-attack-in-adobe-products-cve-2011-2462
https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=398
http://securityresponse.symantec.com/threatreport/topic.jsp?id=vulnerability_trends&aid=notable_zero...
http://www.securityweek.com/adobe-warns-critical-zero-day-vulnerability-reader-and-acrobat-products
Multiple vulnerabilities in Adobe Flash Player
CVE-2011-2444
Cross-site scripting
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-input passed via a crafted URL. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in userтАЩs browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Note: the vulnerability was being actively exploited in click-jacking campaigns.
Reported by Huzaifa S. Sidhpurwala.
That vulnerability shares some traits with an earlier Flash flaw that was used to target Gmail accounts in June.
Software: Adobe Flash Player
That vulnerability shares some traits with an earlier Flash flaw that was used to target Gmail accounts in June.
Links:
https://googlechromereleases.blogspot.com/2011/09/stable-channel-update_20.html
http://www.adobe.com/support/security/bulletins/apsb11-26.html
http://www.techcentral.ie/adobe-patches-critical-flash-bug/
http://energy.gov/cio/articles/t-723adobe-flash-player-multiple-bugs-let-remote-users-obtain-informa...
http://www.macworld.co.uk/news/mac-software/adobe-patches-flash-bug-hackers-are-already-exploiting-3...
http://www.infosecisland.com/blogview/16669-Adobe-Issues-Patch-for-Flash-Zero-Day-Vulnerability.html
http://www.simmtester.com/page/news/shownews.asp?num=14190
http://blogs.utpa.edu/infosecurity/2011/09/23/cross-site-scripting-xss-vulnerability-in-adobe-flash-...
http://blog.trendmicro.com/trendlabs-security-intelligence/adobe-releases-out-of-band-patch/
https://www.intego.com/mac-security-blog/zero-day-flash-vulnerability-prompts-rushed-update/
http://www.its.ms.gov/Services/SecurityAlerts/2011_9_21-Multiple-Vulnerabilities-in-Adobe-Flash-Play...
Remote code execution in Adobe Flash Player
CVE-2011-2110
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to an array indexing error in the ActionScript3 AVM2 verification logic. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
This is the same vulnerability that was used for attacks against Korean based organizations.
The vulnerability wasd exploited to compromise legitimate websites
(including an Indian government site, a US airport site, and an
aerospace site).
Software: Adobe Flash Player
The vulnerability wasd exploited to compromise legitimate websites (including an Indian government site, a US airport site, and an aerospace site).
Links:
http://www.adobe.com/support/security/bulletins/apsb11-18.html
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=24336
https://www.zscaler.com/blogs/research/patching-flash-cve-2011-2110-post-mortem
http://zscaler-research.blogspot.com/2011/06/oh-flash-cve-2011-2110-0-day.html
https://www.rapid7.com/db/modules/exploit/windows/browser/adobe_flashplayer_arrayindexing
http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20110617
https://blogs.technet.microsoft.com/mmpc/2011/07/01/a-technical-analysis-on-the-exploit-for-cve-2011...
http://www.infoworld.com/article/2621840/patch-management/adobe-patches-second-flash-zero-day-in-9-d...
Cross-site scripting in Adobe Flash Player
CVE-2011-2107
Cross-site scripting
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-input. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in userтАЩs browser in context of website hosting an .swf file.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Note: the vulnerability was being actively exploited.The pay for an exploit might be around $5k-$10k at the moment.
Software: Adobe Flash Player
Links:
http://www.adobe.com/support/security/bulletins/apsb11-13.html
https://googlechromereleases.blogspot.com/2011/06/stable-channel-update.html
http://support.blackberry.com/kb/articleDetail?ArticleNumber=000027240
https://devcentral.f5.com/articles/flash-player-universal-xss-vulnerability-cve-2011-2107
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=24302
http://support.blackberry.com/kb/articleDetail?ArticleNumber=000027240
http://www.macworld.co.uk/news/mac-software/adobe-flash-patched-after-zero-day-attacks-3284214/
https://devcentral.f5.com/Portals/0/Cache/Pdfs/2807/flash-player-universal-xss-vulnerability--cve-20...
http://news.softpedia.com/news/Adobe-Fixes-Actively-Exploited-Flash-Player-XSS-Flaw-204376.shtml
http://www.infoworld.com/article/2621874/hacking/hackers-exploit-flash-bug-in-new-attacks-against-gm...
http://www.eweek.com/c/a/Security/Adobe-Patches-XSS-ZeroDay-Flaw-in-Flash-Used-in-Google-Gmail-Attac...
https://www.cnet.com/au/news/adobe-issues-fix-for-flash-hole-being-used-in-attacks/
http://www.computerdealernews.com/news/adobe-flash-patched-after-zero-day-attacks/7323
Multiple vulnerabilities in Adobe Flash Player
CVE-2011-0627
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to boundary error in the Flash Player authplay.dll component. A remote attacker can create a specially crafted Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: this vulnerability is being actively exploited.
There are reports of malware attempting to exploit this vulnerability via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment targeting the Windows platform.
Software: Adobe Flash Player
Multiple vulnerabilities in Adobe Flash Player
CVE-2011-0618
Integer Overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to integer overflow. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
According to Symantec the first exploitation of the vulnerability was discovered on 2010-01-03.
Software: Adobe Flash Player
Known/fameous malware:
Bloodhound.Exploit.412
Links:
https://www.symantec.com/security_response/vulnerability.jsp?bid=47815
https://ae.norton.com/security_response/print_writeup.jsp?docid=2011-062402-3901-99
http://www.adobe.com/support/security/bulletins/apsb11-12.html
https://novasecure.neonova.net/threats/details.cgi?id=513314
http://freecode.com/articles/red-hat-an-updated-adobe-flash-player-package-fixes-multiple-security-i...
http://support.blackberry.com/kb/articleDetail?ArticleNumber=000027365
https://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf
Remote code execution in Adobe Flash Player
CVE-2011-0611
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to boundary error in authplay.dll component. A remote attacker can create a specially Flash (.swf) file embedded in a Microsoft Word (.doc) file, trick the victim into opening it, trigger memory corruption, and execute arbitrary code on the system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The vulnerability has being used during 1 month before disclosure. The campaign started with spam emails enticing users to open its attachment, typically a Microsoft Word document (or a zip file of a Microsoft Word document), which contained inside the malicious Flash exploit.
Software: Adobe Flash Player
Known/fameous malware:
Microsoft - Exploit:SWF/CVE-2011-0611.C, NOD32 - JS/Exploit.Pdfka.OXL.Gen, Symantec - Trojan.Pidief, Ikarus - Exploit.JS.ShellCode.
Links:
https://www.fireeye.com/blog/threat-research/2013/02/operation-beebus.html
https://secunia.com/?action=fetch&filename=Secunia_Whitepaper_CVE-2011-0611.pdf
https://support.symantec.com/en_US/article.TECH157906.html
http://www.adobe.com/support/security/advisories/apsa11-02.html
http://www.adobe.com/support/security/bulletins/apsb11-07.html
http://www.adobe.com/support/security/bulletins/apsb11-08.html
https://blogs.technet.microsoft.com/mmpc/2011/04/12/analysis-of-the-cve-2011-0611-adobe-flash-player...
http://contagiodump.blogspot.com/2011/04/apr-8-cve-2011-0611-flash-player-zero.html
https://blog.qualys.com/securitylabs/2011/04/15/placeholder
http://www.kahusecurity.com/2011/flash-0day-found-in-drive-by/
http://www.securitytube.net/video/1747
http://poc-hack.blogspot.com/2011/04/adobe-flash-player-cve-2011-0611-swf.html
http://securityaffairs.co/wordpress/27224/cyber-crime/kaspersky-report-energetic-bear.html
Remote code execution Adobe Flash Player
CVE-2011-0609
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to boundary error in authplay.dll component. A remote attacker can create a specially Flash (.swf) file embedded in a Microsoft Excel (.xls) file, trick the victim into opening it, trigger memory corruption, and execute arbitrary code on the system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The vulnerability was used o target RSA. Two phishing emails with Microsoft Excel document with exploit were sent to two different groups of employees. The document with exploit code was named "2011 Recruitment plan.xls".
Software: Adobe Flash Player
Known/fameous malware:
Exploit:SWF/CVE-2011-0609
Kaspersky Lab products detected the variants as тАЬTrojan-ropper.MSExcel.SWFDropтАЭ.
Links:
http://www.adobe.com/support/security/advisories/apsa11-01.html
http://www.adobe.com/support/security/bulletins/apsb11-06.html
http://www.kb.cert.org/vuls/id/192052
http://bugix-security.blogspot.com/2011/03/cve-2011-0609-adobe-flash-player.html
http://blogs.adobe.com/security/2011/03/background-on-apsa11-01-patch-schedule.html
https://cxsecurity.com/issue/WLB-2011030180
https://vimeo.com/22160459
http://m.2cto.com/Article/201104/87463.html
https://www.cnet.com/forums/discussions/security-advisory-for-adobe-flash-player-reader-acrobat-5204...
http://remove-malware-removal.com/post/How-to-Remove-SWFExploit.CVE-2011-0609.A-Instantly_14_214388....
https://vulners.com/metasploit/MSF:EXPLOIT/WINDOWS/BROWSER/ADOBE_FLASHPLAYER_AVM
https://blogs.rsa.com/anatomy-of-an-attack/
Remote code execution in Adobe Flash Player
CVE-2010-3654
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary when processing .swf files in Adobe Flash Player. A remote attacker can create a specially crafted. swf file, trick the victim into opening it, cause memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note: this vulnerability is being actively exploited via specially crafted .pdf files.
The vulnerability has been exploited during Sykipot campaigns and Luckycat attacks.
Software: Adobe Flash Player
Links:
http://www.adobe.com/support/security/advisories/apsa10-05.htm
http://www.adobe.com/support/security/bulletins/apsb10-28.html
http://www.adobe.com/support/security/bulletins/apsb10-26.html?sdid=XKMMHJ2P
http://contagiodump.blogspot.com/2010/10/potential-new-adobe-flash-player-zero.html
https://www.google.com.ua/url?sa=t&rct=j&q=&esrc=s&source=web&cd=19&cad=rja&...
https://blogs.technet.microsoft.com/mmpc/2010/11/16/explore-the-cve-2010-3654-matryoshka/
http://www.eweek.com/c/a/Security/Adobe-Flash-Vulnerability-Advisory-Appears-Alongside-Shockwave-Pat...
http://blog.shavlik.com/new-version-of-adobe-flash-available/
https://blogs.forcepoint.com/security-labs/adobe-flash-player-adobe-reader-and-acrobat-0-day-cve-201...
http://www.rationallyparanoid.com/articles/consistently-vulnerable-systems.html
http://www.pctools.com/security-news/adobe-flash-0day-vulnerability/
https://vulners.com/metasploit/MSF:EXPLOIT/WINDOWS/FILEFORMAT/ADOBE_FLASHPLAYER_BUTTON
Multiple vulnerabilities in Adobe Shockwave Player
CVE-2010-3653
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing Adobe Director file with a specific value in an "rcsL" field causing an array-indexing error. A remote attacker can create a specially crafted Adobe Director file, trick the victim into opening it, cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Note: this vulnerability is being actively exploited.
Software: Shockwave Player
Known/fameous malware:
Win32/Exploit.CVE-2010-3653.A
Links:
http://www.adobe.com/support/security/advisories/apsa10-04.html
http://www.adobe.com/support/security/bulletins/apsb10-25.html
https://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/2010/av10-047-eng.aspx
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=24011
https://threatpost.com/attack-code-published-adobe-shockwave-zero-day-102110/74599/
Multiple vulnerabilities in Adobe Reader and Acrobat
CVE-2010-2884
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing malicious SWF files. A remote attacker can create a specially crafted .swf document, trick the victim into opening it, cause memory corruption and execute arbitrary code on vulnerable system.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Was used to compromise Amnesty Hong Kong website. The vulnerability in Adobe Flash Player was patched on September, 20 in Adobe Reader and Acrobat on October, 5. The vulnerability was disclosed by Mila Parkour.
Software: Adobe Flash Player
Known/fameous malware:
The exploit:swf/cve-2010-2884.c
Links:
http://www.adobe.com/support/security/advisories/apsa10-03.html
http://www.adobe.com/support/security/bulletins/apsb10-22.html
http://www.adobe.com/support/security/bulletins/apsb10-21.html
https://www.nartv.org/2010/11/12/nobel-peace-prize-amnesty-hk-and-malware/
https://blogs.forcepoint.com/security-labs/second-adobe-0-day-vulnerability-just-one-week-cve-2010-2...
https://security.googleblog.com/2010/09/stay-safe-while-browsing.html
http://www.beyondsecurity.com/scan_pentest_network_vulnerabilities_flash_player_unspecified_code_exe...
http://news.softpedia.com/news/Actively-Exploited-Flash-Player-Vulnerability-Patched-in-Chrome-15696...
http://news.softpedia.com/news/Flash-Zero-Day-Actively-Exploited-in-the-Wild-156238.shtml
Remote code execution in Adobe Reader
CVE-2010-2883
Stack-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when handling specially crafted fonts within PDF document. A remote attacker can create a specially crafted PDF document, trick the victim into opening it, cause stack-based buffer overflow and execute arbitrary code on vulnerable system.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Note: this vulnerability is being actively exploited.
According to Symantec the first exploitation of the vulnerability was detected on 2008-12-14.
Software: Adobe Reader
Known/fameous malware:
Exploit:Win32/CVE-2010-2883.A
Trojan horse Exploit_c.JLU (AVG)
Exploit.PDF.1533 (Dr.Web)
Exploit.PDF-JS.Gen(Sunbelt Software)
Bloodhound.Exploit.357 (Symantec).
Links:
http://www.adobe.com/support/security/bulletins/apsb10-21.html
http://www.adobe.com/support/security/advisories/apsa10-02.html
https://blogs.forcepoint.com/security-labs/adobe-reader-0-day-vulnerability-cve-2010-2883
/Adobe+SING+table+parsing+exploit+CVE20102883+in+the+wild/9541/
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=23889
https://pentestn00b.wordpress.com/2010/09/15/new-adobe-0day-cve-2010-2883/
http://developers-club.com/posts/104137/
https://nakedsecurity.sophos.com/2010/09/08/adobe-advises-reader-acrobat-vulnerability/
https://forum.kaspersky.com/index.php?showtopic=184980
https://quequero.org/2014/09/pdf-analysis-of-nuclear-pack-ek-and-cve-2010-0188-cve-2013-2883/
https://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf
Two vulnerabilities in Adobe Reader and Acrobat
CVE-2010-2862
Integer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The vulnerability exists due to integer overflow in CoolType.dll when processing TrueType fonts with a large maxCompositePoints value in a Maximum Profile (maxp) table within PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note: this vulnerability is being actively exploited in the wild.
The vulnerability was presented by the researcher Charlie Miller at the Black Hat USA 2010 security conference on July, 25 in Las Vegas.
Adobe credits Google security engineer Tavis Ormandy with its discovery. Apparently this is one of the relatively rare cases where two security researchers discover the same vulnerability independently of each other. In this case Mr. Ormandy reported it to Adobe first and in private.
According to Symantec the first exploitation of the vulnerability was discovered on 2009-03-05.
Software: Adobe Reader
Known/fameous malware:
Exploit: Boodhound.Exploit.353
Adobe credits Google security engineer Tavis Ormandy with its discovery. Apparently this is one of the relatively rare cases where two security researchers discover the same vulnerability independently of each other. In this case Mr. Ormandy reported it to Adobe first and in private.
According to Symantec the first exploitation of the vulnerability was discovered on 2009-03-05.
Links:
http://www.adobe.com/support/security/bulletins/apsb10-17.html
https://threatpost.com/demo-cve-2010-2862-adobe-reader-flaw-exploit-090210/74418/
http://www.zdnet.com/article/adobe-confirms-pdf-security-hole-in-reader/
https://www.suse.com/fr-fr/security/cve/CVE-2010-2862
https://www.cnet.com/forums/discussions/out-of-band-security-updates-for-adobe-reader-and-acrobat-40...
http://news.softpedia.com/news/Out-of-Band-Critical-Security-Updates-for-Reader-and-Acrobat-Released...
http://www.itprofessionalservices.net/ARPatch1017.shtml
http://securitygarden.blogspot.com/2010/08/adobe-reader-and-acrobat-critical.html
ttp://www.zdnet.com/article/adobe-readies-emergency-fix-for-critical-pdf-reader-security-hole/
https://www.youtube.com/watch?v=4OL8Kwz5b6Y
http://blog.shavlik.com/new-adobe-security-advisory-released/
https://www.publicsafety.gc.ca/cnt/rsrcs/cybr-ctr/2010/av10-033-eng.aspx
http://beqiraj.de/post/Adobe-Reader-and-Acrobat-8-2-4-update-available
http://www.planetpdf.com/enterprise/article.asp?ContentID=Adobe_releases_patch_for_Reader_and_Acroba...
http://www.bleepingcomputer.com/forums/t/340741/adobe-reader-out-of-band-security-updates-on-august-...
http://www.itproportal.com/2010/08/06/adobe-prepares-patch-zero-day-pdf-flaw/
http://www.theregister.co.uk/2010/08/05/emergency_adobe_reader_patch/
http://www.pcworld.com/article/203692/patch_critical_security_flaws_in_adobe_reader_and_acrobat.html
https://community.landesk.com/docs/DOC-14222
http://windowssecrets.com/forums/showthread.php/131549-Patch-Watch-update-Critical-Adobe-Reader-patc...
http://www.divinge.com/news/Adobe-readies-emergency-fix-for-critical-PDF-Reader-security-hole/
https://fe-ddis.dk/cfcs/CFCSDocuments/Zeroday.pdf
https://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf
Multiple vulnerabilities in Adobe Flash Player
CVE-2010-1297
Heap-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing .swf files. A remote attacker can create a specially crafted .swf file, trick the victim into opening it, cause heap-based buffer overflow and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Note: this vulnerability is being actively exploited.
The vulnerability is called "endless zero-day".
The vulnerability was exploited in Taidoor campaign primarily targeting government organizations located in Taiwan.
Software: Adobe Flash Player
Known/fameous malware:
Trojan.Pidief.J
The vulnerability was exploited in Taidoor campaign primarily targeting government organizations located in Taiwan.
Links:
http://www.adobe.com/support/security/advisories/apsa10-01.html
http://www.adobe.com/support/security/bulletins/apsb10-15.html
https://www.symantec.com/connect/blogs/analysis-zero-day-exploit-adobe-flash-and-reader
https://www.symantec.com/connect/blogs/zero-day-attack-wild-adobe-flash-reader-and-acrobat
https://success.trendmicro.com/solution/1055909
https://nakedsecurity.sophos.com/2010/06/08/mitigations-flash-vulnerability-cve20101297/
https://access.redhat.com/security/cve/cve-2010-1297
http://stopmalvertising.com/malware-reports/analysis-of-budget.pdf-exploit.swf.cve-2010-1297.a.html
http://seclists.org/metasploit/2010/q2/416
https://blogs.forcepoint.com/security-labs/adobe-0-day-vulnerability-flash-adobe-reader-and-acrobat-...
https://www.greyhathacker.net/?p=201
http://www.topitvideos.com/adobe-cve-2010-1297-pdf-exploit-demonstation/
http://developers-club.com/posts/96879/
https://blogs.forcepoint.com/security-labs/month-threat-webscape-june-2010
http://calhoun.nps.edu/bitstream/handle/10945/5016/10Dec_Post.pdf?sequence=1
http://www.pandasecurity.com/mediacenter/security/cloud-av-free-blocks-adobe-0-day/
Multiple vulnerabilities in Adobe Reader and Acrobat
CVE-2010-1241
Heap-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error in the custom heap management system in Adobe Reader and Acrobat. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Note: this vulnerability is being actively exploited in the wild.
According to Symantec the first exploitation of the vulnerability was discovered on 2008-11-29.
Software: Adobe Reader
Known/fameous malware:
Bloodhound.Exploit.293
Multiple vulnerabilities in Adobe Reader and Adobe Acrobat
CVE-2009-3953
Improper validation of array index
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to array indexing error in U3D support. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: this vulnerability is being actively exploited.
The vulnerability was used in spear-phishing attacks in December, 2009.
Software: Adobe Reader
Remote code execution in Adobe Acrobat and Adobe Reader
CVE-2009-4324
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to use-after-free error in the Doc.media.newPlayer method in Multimedia.api. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Software: Adobe Reader
Known/fameous malware:
Trojan.Pidief.H
Links:
http://www.adobe.com/support/security/advisories/apsa09-07.html
http://www.adobe.com/support/security/bulletins/apsb10-02.html
https://www.symantec.com/connect/blogs/zero-day-xmas-present
https://www.symantec.com/security_response/writeup.jsp?docid=2009-121511-4614-99
http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214
http://contagiodump.blogspot.com/2009/12/virustotal-httpwww.html
http://blogs.adobe.com/psirt/?p=74
https://isc.sans.edu/diary/Sophisticated%2C+targeted+malicious+PDF+documents+exploiting+CVE-2009-432...
http://www.welivesecurity.com/2010/01/04/adobe-javascript-and-the-cve-2009-4324-exploit/http://temer...
http://www.bitdefender.com/news/critical-zero-day-exploits-hit-internet-explorer-and-adobe-reader-12...
https://www.decalage.info/exefilter_pdf_exploits
https://fe-ddis.dk/cfcs/CFCSDocuments/Zeroday.pdf
https://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf
http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-zero-day-vulnerability-again/
Remote code execution in Adobe Acrobat and Adobe Reader
CVE-2009-3459
Heap-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to heap-based buffer overflow when processing a malformed PDF file. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Software: Adobe Reader
Known/fameous malware:
PDF/Exploit.CVE-2009-3459.A
Links:
http://www.adobe.com/support/security/bulletins/apsb09-15.html
https://isc.sans.edu/diary/New+Adobe+Vulnerability+Exploited+in+Targeted+Attacks/7300
http://www.enigmasoftware.com/adobe-reader-vulnerability-cve-2009-3459-allows-hackers-insert-backdoo...
https://vulners.com/metasploit/MSF:EXPLOIT/WINDOWS/BROWSER/ADOBE_FLATEDECODE_PREDICTOR02
http://temerc.com/forums/viewtopic.php?t=7821
http://www.rationallyparanoid.com/articles/emet-testing.html
https://media.blackhat.com/bh-eu-10/presentations/Li_Lovet/BlackHat-EU-2010-Li-Lovet-Adobe-Heap-slid...
https://blog.didierstevens.com/2009/10/13/update-pdfid-version-0-0-9-to-detect-another-adobe-0day/
http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-zero-day-exploit/
https://blog.fortinet.com/2009/10/19/on-the-recent-pdf-exploit
Remote code execution in Adobe Flash Player
CVE-2009-1862
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to boundary error when parsing malformed files. A remote attacker can create a specially .pdf file or .swf file, related to authplay.dll, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Software: Adobe Flash Player
Known/fameous malware:
Trojan.Pidief.G
Troj/SWFExp-M
Troj/SWFExp-N
Links:
http://www.adobe.com/support/security/advisories/apsa09-03.html
http://www.adobe.com/support/security/bulletins/apsb09-10.html
https://www.symantec.com/security_response/writeup.jsp?docid=2009-072209-2512-99
https://www.symantec.com/connect/blogs/next-generation-flash-vulnerability
https://www.cnet.com/news/adobe-investigating-zero-day-bug-in-flash/
https://isc.sans.edu/diary/YA0D+%28Yet+Another+0-Day%29+in+Adobe+Flash+player/6847
http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
http://www.nobunkum.ru/analytics/en-flash
http://idp.cyberoam.com/signatures/2090727071.html
Multiple vulnerabilities in Adobe Reader and Adobe Acrobat
CVE-2009-0927
Stack-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to stack-based buffer overflow in the getIcon() function. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The vulnerability was fixed at first in Adobe Reader 8.x branch, leaving vulnerable Adobe Reader 9.x. It is unclear, if this vulnerability was exploited before Adobe issued patch for Adobe Reader 8.x.
According to Symantec, they have spotted active exploitation of this vulnerability on April 6, 2009.
According to Trustwave report, this vulnerability was exploited in targeted attacks as a zero-day exploit targeting the aviation defense Industry. Given the confusion regarding exploitation we have considered to treat this vulnerability as a zero-day.
Software: Adobe Reader
Known/fameous malware:
TROJ_PIDIEF.OE
The vulnerability was fixed at first in Adobe Reader 8.x branch, leaving vulnerable Adobe Reader 9.x. It is unclear, if this vulnerability was exploited before Adobe issued patch for Adobe Reader 8.x.
According to Symantec, they have spotted active exploitation of this vulnerability on April 6, 2009.
According to Trustwave report, this vulnerability was exploited in targeted attacks as a zero-day exploit targeting the aviation defense Industry. Given the confusion regarding exploitation we have considered to treat this vulnerability as a zero-day.
Links:
http://www.adobe.com/support/security/bulletins/apsb09-04.html
http://blog.trendmicro.com/trendlabs-security-intelligence/adobe-acrobatreader-geticon-vuln-exploit-...
https://www.trustwave.com/Resources/Library/Documents/2013-Trustwave-Global-Security-Report/?dl=1
http://www.ehackingnews.com/2012/09/pdf-exploits-targets-defense-industry.html
Remote code execution in Adobe Acrobat and Adobe Reader
CVE-2009-0658
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to buffer overflow when parsing a malformed JBIG2 image stream. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
According to Symantec the first exploitation of the vulnerability was discovered on 2008-09-02.
Software: Adobe Reader
Known/fameous malware:
Trojan.Pidief.E
Links:
http://www.adobe.com/support/security/advisories/apsa09-01.html
http://www.adobe.com/support/security/bulletins/apsb09-04.html
https://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99&tabid=2
http://www.kb.cert.org/vuls/id/905281https://isc.sans.edu/diary/AdobeAcrobat+0-day+in+the+wild%3F/59...
http://blog.talosintel.com/2009/02/homebrew-patch-for-adobe-acroreader-9.html
https://www.secureworks.com/blog/research-20947
http://blog.securityactive.co.uk/2009/02/23/adobe-reader-and-acrobat-buffer-overflow-cve-2009-0658/
https://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf
Code injection in Adobe Flash Player
CVE-2008-3873
Code injection
The vulnerability allows a remote attacker to hijack the clipboard on the target system.The weakness exists due to error in the setClipboard() function. By persuading a victim view a specially crafted shockwave file, an attacker could exploit this vulnerability to insert persistent data into the clipboard.
Successful exploitation of the vulnerability results in modification of data on the vulnerable system.
Note: the vulnerability was being actively exploited.
Software: Adobe Flash Player
Multiple vulnerabilities in Adobe Reader and Adobe Acrobat
CVE-2007-5659
Stack-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to a boundary error within Javascript method. A remote attacker can create a specially .pdf file, trick the victim into opening it, trigger stack-based buffer overflow and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The vendor was notified of this vulnerability on 10/10/2007, however the patched was issued only 7 month later.
Software: Adobe Reader
Known/fameous malware:
Exploit kits: Impact, Incognito, Phoenix, Siberia, Styx.
Links:
https://www.adobe.com/support/security/bulletins/apsb08-13.html
http://www.adobe.com/support/security/advisories/apsa08-01.html
https://www.symantec.com/security_response/writeup.jsp?docid=2009-121708-1022-99
https://zeltser.com/pdf-stream-dumper-malicious-file-analysis/
http://infosec-summit.issa-balt.org/assets/Presentations/Jeremy_Conway_-_A_Look_Inside_the_PDF_Attac...