Zero-day Vulnerability Database

Change view

Zero-day vulnerabilities discovered: 3

Remote code execution in Adobe Flash Player
CVE-2012-1535

Memory corruption

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error when parsing malicious files. A remote attacker can create a specially crafted Flash (.swf) file embedded in a Microsoft Word (.doc) file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.
i

The vulnerability was reported by Alexander Gavrun. The exploit was used by Aurora Group.

Software: Adobe Flash Player

Known/fameous malware:

Exploit:SWF/CVE-2012-1535.A.

The vulnerability was reported by Alexander Gavrun. The exploit was used by Aurora Group.

Links:

https://lists.opensuse.org/opensuse-security-announce/2012-08/msg00010.html
http://www.adobe.com/support/security/bulletins/apsb12-18.html
https://blogs.technet.microsoft.com/mmpc/2012/08/28/a-technical-analysis-on-cve-2012-1535-adobe-flas...
https://www.symantec.com/connect/blogs/cve-2012-1535-adobe-flash-player-vulnerability-exploited-mult...
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=25878
https://www.f-secure.com/en/web/labs_global/cve-2012-1535
http://contagiodump.blogspot.co.uk/2012/08/cve-2012-1535-samples-and-info.html
https://securingtomorrow.mcafee.com/mcafee-labs/adobe-flash-update-counters-cve-2012-1535/
http://blog.talosintel.com/2012/08/cve-2012-1535-flash-0-day-in-wild.html
http://www.digital4rensics.com/blog/2012/08/brief-osint-review-for-cve-2012-1535-attacks/
https://www.alienvault.com/blogs/labs-research/cve-2012-1535-adobe-flash-being-exploited-in-the-wild
http://www.ehackingnews.com/2012/08/cve-2012-1535-adobe-flash-player-exploit.html
http://thehackernews.com/2012/09/operation-aurora-other-zero-day-attacks.html

Full report >

Remote code execution in Adobe Flash Player
CVE-2012-0779

Type Confusion

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to object type confusion error when processing .swf files. A remote attacker can create a specially crafted .swf file, trick the victim into opening it and execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.
i

This vulnerability has been exploited in the wild as part of the "World Uyghur Congress Invitation.doc" e-mail attack.

Software: Adobe Flash Player

Known/fameous malware:

TROJ_SCRIPBRID.A; backdoor BKDR_INJECT.EVL.

This vulnerability has been exploited in the wild as part of the "World Uyghur Congress Invitation.doc" e-mail attack.

Links:

https://www.adobe.com/support/security/bulletins/apsb12-09.html
http://contagiodump.blogspot.com/2012/05/may-3-cve-2012-0779-world-uyghur.html
https://www.symantec.com/connect/blogs/targeted-attacks-using-confusion-cve-2012-0779
http://blog.trendmicro.com/trendlabs-security-intelligence/recent-threats-highlight-vulnerabilities-...
https://krebsonsecurity.com/2012/05/critical-flash-update-fixes-zero-day-flaw/
https://www.alienvault.com/blogs/labs-research/several-targeted-attacks-exploiting-adobe-flash-playe...
https://blogs.technet.microsoft.com/mmpc/2012/05/24/a-technical-analysis-of-adobe-flash-player-cve-2...
http://blog.shadowserver.org/2012/05/15/cyber-espionage-strategic-web-compromises-trusted-websites-s...
https://www.reddit.com/r/netsec/comments/ta12k/several_targeted_attacks_exploiting_adobe_flash/
http://thehackernews.com/2012/09/operation-aurora-other-zero-day-attacks.html
http://www.securityweek.com/adobe-patches-zero-day-vulnerability-used-targeted-attacks
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=25718


Full report >

Multiple vulnerabilities in Adobe Flash Player
CVE-2012-0767

Cross-site scripting

The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-input.A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in userтАЩs browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Note: the vulnerability was being actively exploited.
i

The vulnerability was used to target Webmail accounts.

Software: Adobe Flash Player

The vulnerability was used to target Webmail accounts.

Links:

https://lists.opensuse.org/opensuse-security-announce/2012-02/msg00014.html
http://www.adobe.com/support/security/bulletins/apsb12-03.html
https://blog.fortinet.com/2012/02/17/fortinet-researchers-detect-eight-critical-adobe-flaws
https://www.cnet.com/forums/discussions/security-update-available-for-adobe-flash-player-apsb12-03-5...
http://www.zdnet.com/article/adobe-flash-player-xss-flaw-under-active-attack/
http://www.darkreading.com/attacks-breaches/flash-zero-day-used-in-targeted-email-attacks/d/d-id/113...
http://cert.europa.eu/static/SecurityAdvisories/CERT-EU-SA2012-0019.txt

Full report >

About zero-day vulnerabilities

Zero-day vulnerability is an undisclosed vulnerability in software that hackers can exploit to compromise computer programs, gain unauthorized access to sensitive data, penetrate networks, etc. We consider vulnerability a zero-day when there is no solution provided from software vendor and the vulnerability is being actively exploited by malicious actors.

Zero-day candidate is a potential zero-day vulnerability in software which might have been used in targeted attacks, however there is no evidence to support this suggestion.