The Latest in IT Security

iPhone 5 Rumors Used as Bait for Adobe Exploit CVE-2012-1535


Thanks to Santiago Cortes for his assistance with this research.

Some samples exploiting the Adobe Flash Player CVE-2012-1535 Remote Code Execution Vulnerability through malicious Word documents have been captured. These samples were observed on Adobe Flash Player 11 Active X, version

The attackers spread the malicious Word documents through email and entice their victims with file names referencing Apple’s iPhone.

The .doc files attached to the email contain hidden malicious .swf files. The .swf files then drop more files onto the compromised computer, which are then opened, for example:

  • %Temp%\~WRD0001.doc           
  • %Temp%\Word8.0\ShockwaveFlashObjects.exd
  • %Temp%\Word8.0\ShockwaveFlashObjects.exd             
  • %Temp%\Word8.0\ShockwaveFlashObjects.exd
  • %UserProfile%\Application Data\Macromedia\Flash Player\\support\flashplayer\sys\settings.sol

Meanwhile, the threat is also downloaded and then executed.

The .dll files dropped by the threat are detected as Backdoor.Briba and the dropped .doc files are detected as Trojan.Mdropper.

Adobe has released a security update to correct this vulnerability.

Leave a reply


SUNDAY, JUNE 07, 2020

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments