Zero-day Vulnerability Database
Zero-day vulnerabilities discovered: 10
Multiple vulnerabilities in Adobe Flash Player
CVE-2015-8651
Integer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer overflow. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Software: Adobe Flash Player
Known/fameous malware:
Exploit kits: Angler, Neutrino, Nuclear Pack and RIG
Links:
https://helpx.adobe.com/security/products/flash-player/apsb16-01.html
https://blogs.forcepoint.com/security-labs/popular-site-leads-angler-ek-cve-2015-8651-flash-player-e...
https://www.symantec.com/security_response/writeup.jsp?docid=2015-122818-3536-99&tabid=2
https://blogs.forcepoint.com/security-labs/popular-site-leads-angler-ek-cve-2015-8651-flash-player-e...
https://krebsonsecurity.com/tag/cve-2015-8651/
https://blogs.technet.microsoft.com/mmpc/2016/06/20/reverse-engineering-dubniums-flash-targeting-exp...
https://krebsonsecurity.com/tag/cve-2015-8651/
https://www.scmagazine.com/adobe-issues-critical-flash-player-patch/article/533434/
http://vulnerablespace.blogspot.com/2016/06/malware-analysing-and-repurposing-rigs.html
https://blog.qualys.com/laws-of-vulnerabilities/2015/12/28/last-adobe-0-day-patched-for-the-year
https://www.reddit.com/r/ReverseEngineering/comments/43a1i5/an_analysis_on_the_principle_of_cve20158...
http://www.securityweek.com/adobe-issues-emergency-patch-flash-zero-day-under-attack
http://securityaffairs.co/wordpress/43131/cyber-crime/adobe-flash-zero-day.html
http://securityaffairs.co/wordpress/54120/reports/exploit-kits-top-flaws.html
https://blog.malwarebytes.com/threat-analysis/exploits-threat-analysis/2016/07/a-look-into-some-rig-...
http://www.darkreading.com/vulnerabilities---threats/here-are-4-vulnerabilities-ransomware-attacks-a...
https://www.recordedfuture.com/recent-ransomware-vulnerabilities/
http://resources.infosecinstitute.com/most-exploited-vulnerabilities-by-whom-when-and-how/#gref
http://neurogadget.net/2016/12/08/adobe-flash-player-bugs-issues-exploits-computers/48666
http://thehackernews.com/2015/12/adobe-flash-security-update.html
http://www.theregister.co.uk/2015/12/28/adobe_flash_security_update/
https://www.solutionary.com/resource-center/blog/2015/12/adobe-flash-player-vulnerability/
http://wccftech.com/flash-player-receives-emergency-security-patch/
http://news.softpedia.com/news/adobe-fixes-flash-zero-day-bug-discovered-by-huawei-498184.shtml
Remote code execution in Adobe Flash Player
CVE-2015-7645
Type confusion
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to type confusion error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Was used in Pawn Storm Campaign Targeting Foreign Affairs Ministries. Exploited by the Fancy Bear APT.
The vulnerability was reported by Peter Pi of Trend Micro.
Software: Adobe Flash Player
Known/fameous malware:
Exploit Kits: Angler, Hunter, Magnitude, Neutrino, Nuclear Pack, RIG, Spartan.
The vulnerability was reported by Peter Pi of Trend Micro.
Links:
https://helpx.adobe.com/security/products/flash-player/apsa15-05.html
https://helpx.adobe.com/security/products/flash-player/apsb15-27.html
http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-sto...
http://resources.infosecinstitute.com/the-shadow-of-the-russian-cyber-army-behind-the-2016-president...
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=28924
https://www.symantec.com/security_response/writeup.jsp?docid=2015-101903-5534-99
https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=869
http://www.theregister.co.uk/2016/12/08/need_xmas_ideas_try_cve20157645_a_flash_gift_that_keeps_on_g...
http://www.securityweek.com/adobe-patches-flash-zero-day-exploited-pawn-storm
http://vulnerablespace.blogspot.com/2016/04/malware-analysing-and-repurposing.html
https://blog.malwarebytes.com/threat-analysis/2015/10/new-flash-player-zero-day-in-the-wild/
https://arstechnica.com/security/2015/10/new-zero-day-exploit-hits-fully-patched-adobe-flash/
http://securityaffairs.co/wordpress/41123/cyber-crime/flash-zero-day-exploit.html
http://www.infoworld.com/article/3046531/security/ransomware-targets-flash-and-silverlight-vulnerabi...
https://www.tripwire.com/state-of-security/latest-security-news/flash-player-zero-day-patched-by-ado...
http://www.welivesecurity.com/2015/10/15/adobe-flash-zero-day/
https://threatpost.com/emergency-adobe-flash-zero-day-patch-arrives-ahead-of-schedule/115073/
http://thehackernews.com/2015/10/flash-patch-update.html
https://www.scmagazine.com/adobe-addresses-latest-flash-player-zero-day-vulnerability/article/533522...
Two remote code execution vulnerabilities in Adobe Flash Player
CVE-2015-5123
тАЬUse-after-freeтАЭ error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error in the ActionScript 3 BitmapData class. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The exploit code was revealed after Hacking Team data leak.
Software: Adobe Flash Player
Known/fameous malware:
SWF_EKSPLOYT.EDF. (TrendMicro).
Links:
https://helpx.adobe.com/security/products/flash-player/apsa15-04.html
https://www.symantec.com/connect/blogs/third-adobe-flash-zero-day-exploit-cve-2015-5123-leaked-hacki...
http://blog.trendmicro.com/trendlabs-security-intelligence/new-zero-day-vulnerability-cve-2015-5123-...
https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
http://blog.trendmicro.com/trendlabs-security-intelligence/new-zero-day-vulnerability-cve-2015-5123-...
http://securityaffairs.co/wordpress/38574/cyber-crime/hacking-team-cve-2015-5123.html
https://www.tripwire.com/state-of-security/vulnerability-management/another-zero-day-flash-exploit-r...
https://www.scmagazine.com/researchers-report-flash-player-zero-day-bugs-after-hacking-team-leaks/ar...
http://www.securityweek.com/two-new-flash-player-zero-day-bugs-found-hacking-team-leak
https://threatpost.com/flash-player-update-patches-two-hacking-team-zero-days/113776/ https://www.zscaler.com/blogs/research/hacking-team-leak-flash-0day-exploit-payloads-and-more
http://www.zdnet.com/article/adobe-promises-patch-for-latest-wave-of-critical-hacking-team-zero-day-...
http://securityaffairs.co/wordpress/38518/cyber-crime/hacking-team-new-0zero.html
Two remote code execution vulnerabilities in Adobe Flash Player
CVE-2015-5122
тАЬUse-after-freeтАЭ error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error in the ActionScript 3 opaqueBackground class. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The exploit code was revealed after Hacking Team data leak. The exploit was used against Japanese organizations.
The vulnerability was reported by Dhanesh Kizhakkinan of FireEye as well as Peter Pi of TrendMicro.
Software: Adobe Flash Player
Known/fameous malware:
Exploit kits: Angler EK - 2015-07-11 Neutrino - 2015-07-13 Nuclear Pack - 2015-07-14 RIG - 2015-07-14 Magnitude - 2015-07-15 NullHole - 2015-07-22 Spartan - 2015-09-11
The vulnerability was reported by Dhanesh Kizhakkinan of FireEye as well as Peter Pi of TrendMicro.
Links:
https://helpx.adobe.com/security/products/flash-player/apsa15-04.html
https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=28060
http://blog.trendmicro.com/trendlabs-security-intelligence/another-zero-day-vulnerability-arises-fro...
https://krebsonsecurity.com/2015/07/adobe-to-fix-another-hacking-team-zero-day/
https://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html
http://www.hackingtutorials.org/metasploit-tutorials/metasploit-cve-2015-5122-flash-exploit-tutorial...
http://securityaffairs.co/wordpress/38531/cyber-crime/hacking-team-2-flash-0day.html
http://www.theregister.co.uk/2015/07/12/adobe_flash_zero_day_cve_2015_5122/
http://researchcenter.paloaltonetworks.com/2015/07/watering-hole-attack-on-aerospace-firm-exploits-c...
https://arstechnica.com/security/2015/07/two-new-flash-exploits-surface-from-hacking-team-combine-wi...
https://www.tripwire.com/state-of-security/vulnerability-management/another-zero-day-flash-exploit-r...
https://www.scmagazine.com/researchers-report-flash-player-zero-day-bugs-after-hacking-team-leaks/ar...
http://www.zdnet.com/article/adobe-promises-patch-for-latest-wave-of-critical-hacking-team-zero-day-...
Remote code execution in Adobe Flash Player
CVE-2015-5119
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The exploit code was revealed after Hacking Team data leak. Was also used in phishing campaigns conducted by two Chinese advanced persistent threat (APT) groups: APT3 and APT18.
The vulnerability was reported by Google Project Zero and Morgan Marquis-Boire.
Software: Adobe Flash Player
The vulnerability was reported by Google Project Zero and Morgan Marquis-Boire.
Links:
https://helpx.adobe.com/security/products/flash-player/apsb15-16.html
https://helpx.adobe.com/security/products/flash-player/apsa15-03.html
http://securityaffairs.co/wordpress/38707/cyber-crime/phishing-cve-2015-5119.html
https://www.zscaler.com/blogs/research/adobe-flash-vulnerability-cve-2015-5119-analysis
https://www.fireeye.com/blog/threat-research/2015/07/demonstrating_hustle.html
http://www.bankinfosecurity.com/zero-day-exploit-alert-flash-java-a-8396
https://www.zscaler.com/blogs/research/adobe-flash-vulnerability-cve-2015-5119-analysis
https://www.trustwave.com/Resources/SpiderLabs-Blog/A-Flash-Exploit-(CVE-2015-5119)-From-the-Hacking...
http://null-byte.wonderhowto.com/how-to/hack-like-pro-use-hacking-teams-adobe-flash-exploit-0163051/
http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-flash-zero-day-integrated-in...
https://krebsonsecurity.com/2015/07/adobe-to-patch-hacking-teams-flash-zero-day/#more-31458
https://blog.malwarebytes.com/threat-analysis/2015/07/hacking-team-leak-exposes-new-flash-zero-day/
https://www.scmagazine.com/adobe-fixes-flash-player-zero-day-bug-identified-in-hacking-team-leak/art...
Remote code execution in Adobe Flash Player
CVE-2015-3113
Heap-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Exploited by a China-based cyberespionage group. Operation Clandestine Wolf тАУ Adobe Flash Zero-Day in APT3 Phishing Campaign.
Software: Adobe Flash Player
Known/fameous malware:
Magnitude exploit kit.
Links:
https://helpx.adobe.com/security/products/flash-player/apsb15-14.html
https://hitmanpro.wordpress.com/2015/07/02/how-apt3-evaded-anti-exploits-with-cve-2015-3113/
https://nakedsecurity.sophos.com/2015/06/29/latest-flash-hole-already-exploited-ransomware/
http://securityaffairs.co/wordpress/38044/cyber-crime/adobe-fixed-cve-2015-3113.html
http://www.securityweek.com/adobe-flash-player-zero-day-exploited-attack-campaign
http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-zero-day-shares-same-root-cause...
http://www.computerweekly.com/news/4500248673/Adobe-patches-Flash-Player-vulnerability-CVE-2015-3113
http://researchcenter.paloaltonetworks.com/2015/07/ups-observations-on-cve-2015-3113-prior-zero-days...
https://arstechnica.com/security/2015/06/patch-early-patch-often-adobe-pushes-emergency-fix-for-acti...
http://www.pcworld.com/article/2939552/adobe-patches-zeroday-flash-player-flaw-used-in-targeted-atta...
http://www.techtimes.com/articles/63254/20150624/adobe-releases-patch-to-plug-flash-players-zero-day...
https://www.recordedfuture.com/use-cases/vulnerability-identification/
http://www.theregister.co.uk/2015/06/29/ransomware_exploit_kit_slinger_exploits_flash_remote_code_ex...
http://www.computerworlduk.com/security/cybercriminals-pounce-on-serious-flash-zero-day-flaw-3618019..
Multiple vulnerabilities in Adobe Flash Player
CVE-2015-3043
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Attackers exploited the vulnerabilities together to attack a government entity to and steal politically sensitive data that is a known target of the Russian group (APT campaign).
Software: Adobe Flash Player
Links:
https://helpx.adobe.com/security/products/flash-player/apsb15-06.html http://resources.infosecinstitute.com/the-shadow-of-the-russian-cyber-army-behind-the-2016-president...
https://krebsonsecurity.com/2015/04/critical-updates-for-windows-flash-java/#more-30672
http://www.securityweek.com/russia-linked-hackers-used-two-zero-days-recent-targeted-attack-fireeye
http://www.zdnet.com/article/russian-hackers-exploit-flash-windows-flaws-to-spy-on-diplomat-targets/
https://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html
http://www.eweek.com/security/russian-based-attackers-use-two-zero-days-in-one-attack.html
http://securityaffairs.co/wordpress/36105/cyber-crime/apt28-russian-hackers.html
https://www.advancedbusinesssolutions.com/blog/curated-content/russian-hackers-use-flash-windows-zer...
https://www.infosecurity-magazine.com/news/apt28-back-russiandoll-attack/
Multiple vulnerabilities in Adobe Flash Player
CVE-2015-0313
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The vulnerability was used during malwertising campaign against visitors of dailymotion.com.
Software: Adobe Flash Player
Known/fameous malware:
SWF_EXPLOIT.MJST
Hanjuan Exploit Kit
Links:
https://helpx.adobe.com/security/products/flash-player/apsa15-02.html
https://helpx.adobe.com/security/products/flash-player/apsb15-04.html
http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-new-adobe-flash-zer...
http://www.securityweek.com/adobe-prepares-patch-another-critical-flash-player-vulnerability
https://krebsonsecurity.com/2015/02/yet-another-flash-patch-fixes-zero-day-flaw/#more-29724
http://www.greatsoftline.com/another-critical-zero-day-vulnerability-in-adobe-flash-player/
https://nakedsecurity.sophos.com/2015/02/03/news-flash-3rd-time-newunlucky-0-day-hits-adobes-browser...
https://www.recordedfuture.com/top-vulnerabilities-2015/
http://www.networkworld.com/article/3003176/security/8-of-top-10-vulnerabilities-used-by-exploit-kit...
http://www.itnews.com.au/news/hackers-target-third-new-zero-day-for-adobe-flash-399960
http://researchcenter.paloaltonetworks.com/2015/02/palo-alto-networks-traps-protects-enterprises-zer...
http://www.fin24.com/Tech/News/Hackers-target-Adobe-Flash-again-20150205
https://arstechnica.com/security/2015/02/as-flash-0day-exploits-reach-new-level-of-meanness-what-are...
http://www.techtimes.com/articles/30925/20150206/adobe-releases-patch-for-dangerous-flash-player-zer...
http://www.darkreading.com/new-adobe-flash-0-day-used-in-malvertising-campaign/d/d-id/1318900
https://philipcao.com/2015/02/04/palo-alto-networks-traps-protects-enterprises-from-zero-day-cve-201...
https://betanews.com/2015/02/02/surprise-adobe-flash-has-a-security-flaw-on-windows-mac-and-linux/
Remote code execution in Adobe Flash Player
CVE-2015-0311
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
The vulnerability was discovered by French security researcher тАЬKafeineтАЭ.
It was actively being exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below. It was used by Angler EK and infected at least 1,800 known domains.
Software: Adobe Flash Player
Known/fameous malware:
SWF/Exploit.CVE-2015-0311.N(2)
Trojan.Swifi (Symantec)
Angler EK
It was actively being exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below. It was used by Angler EK and infected at least 1,800 known domains.
Links:
https://helpx.adobe.com/security/products/flash-player/apsb15-03.html
http://blog.trendmicro.com/trendlabs-security-intelligence/os-x-zero-days-on-the-rise-a-2015-midyear...
http://blog.trendmicro.com/trendlabs-security-intelligence/analyzing-cve-2015-0311-flash-zero-day-vu...
http://researchcenter.paloaltonetworks.com/2015/01/unpatched-flash-vulnerability-cve-2015-0311-block...
http://securityaffairs.co/wordpress/32687/security/adobe-fix-cve-2015-0311-0day.html
http://www.kamnet.com/adobe-flash-player-vulnerability-cve-2015-0311/
http://www.criticalwatch.com/faqs/zero-day-vulnerability-in-adobe-flash/
http://www.free-remove-spyware.com/post/Cannot-Remove-SWFExploit.CVE-2015-0311.N2-SWFExploit.CVE-201...
http://www.securityweek.com/adobe-fixes-second-flash-player-zero-day-vulnerability
http://www.pcworld.com/article/2878792/flash-player-plagued-by-third-zeroday-flaw-in-a-month-updates...
Security bypass in Adobe Flash Player
CVE-2015-0310
Security bypass
The vulnerability allows a remote attacker to circumvent memory address randomization on the target system.
The weakness exists due to memory leak error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption, bypass memory address randomization on the Windows platform and obtain sensitive information.
Note: the vulnerability was being actively exploited.
The vulnerability was discovered and reported by security researcher Kafeine.
The vulnerability was used in attacks against older versions of Flash Player.
Software: Adobe Flash Player
Known/fameous malware:
Angler EK.
The vulnerability was used in attacks against older versions of Flash Player.
Links:
https://helpx.adobe.com/security/products/flash-player/apsb15-02.html
https://ae.norton.com/security_response/writeup.jsp?docid=2015-021009-2659-99
https://www.beyondtrust.com/blog/adobe-patches-zero-day-flaw-being-exploited-in-the-wild/
https://www.intego.com/mac-security-blog/flash-player-0day-vulnerability-jolts-rushed-update/
http://www.pcworld.com/article/2874172/adobe-fixes-just-one-of-two-actively-exploited-zeroday-vulner...
http://www.eweek.com/security/new-zero-day-exploit-adds-to-adobe-flash-security-woes.html