The Latest in IT Security

Zero-Day Vulnerabilities Found in Adobe Flash Player

09 Feb 2013

Adobe released an out-of-band update for two critical zero-day vulnerabilities just a few days ahead of its regular monthly patch cycle. The buffer overflow vulnerability (CVE-2013-0633) in Flash Player can lead to remote code execution or denial-of-service conditions when exploited. This vulnerability, which has been exploited in the wild, targets Windows systems via the ActiveX version of Flash Player. These attacks are designed to deceive users by embedding a malicious Flash (.SWF) file in Microsoft Word documents.

Another vulnerability being exploited in the wild is the remote memory-corruption vulnerability covered in CVE-2013-0634. Once successfully exploited, it can lead to remote code execution or an application crash. According to the Adobe advisory, these vulnerabilities are currently being exploited in the wild through crafted .SWF files sent as email attachments or by tricking the user into clicking a URL. Trend Micro detects these exploits as TROJ_MDROP.REF. When executed, this malware drops a backdoor detected as BKDR_PLUGAX.A. This backdoor, in turn, can gather information such as computer name, hostname, and OS version, among others. It can also download and load plugins and send and receive information from a malicious website, thus compromising the security of the system.

Here's the list of affected product versions:

  • Adobe Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh
  • Adobe Flash Player 11.2.202.261 and earlier versions for Linux
  • Adobe Flash Player 11.1.115.36 and earlier versions for Android 4.x
  • Adobe Flash Player 11.1.111.31 and earlier versions for Android 3.x and 2.x

Just last month, we reported on the Java zero-day exploit employed by two toolkits, Cool Exploit Kit (CEK) and Blackhole Exploit Kit (BHEK). Java released an update to address this zero-day exploit. Ironically, cybercriminals were quick to jump in and abuse this opportunity to create malware that poses as an update for Java.

Trend Micro Deep Security has released the following new DPI rules to protect user systems against attacks using these zero-day exploits:

  • 1005360 – Adobe Flash Player Remote Memory Corruption Vulnerability (CVE-2013-0634)
  • 1005359 – Adobe Flash Player Heap Based Buffer Overflow Vulnerability (CVE-2013-0633)

It is also advised to apply the following existing smart DPI rules to protect against accessing any Microsoft Excel or Word documents containing Flash (SWF) objects over the Web:

  • 1004647 – Restrict Microsoft Office File With Embedded SWF
  • 1005158 – Restrict Microsoft Office Files With Embedded SWF – 2
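
As an added example (not from the original post, and not Trend Micro's rule logic), here is a heuristic check for the condition those rules name: an Office file that carries SWF content. The version and length bounds, the size cap and the sample file are assumptions; the raw scan of legacy .doc files only finds SWF data that is stored contiguously.

```python
import io
import re
import struct
import zipfile
import zlib

SWF_RE = re.compile(rb"[FCZ]WS")  # FWS plain, CWS zlib, ZWS LZMA
MAX_PART = 50 * 1024 * 1024       # assumed cap on unzipped part size


def plausible_swf(buf: bytes, off: int) -> bool:
    """Validate the 8-byte SWF header at off: magic, version, declared length."""
    if len(buf) < off + 8:
        return False
    version, length = struct.unpack_from("<BI", buf, off + 3)
    # Heuristic bounds (assumptions) that reject most text containing "FWS".
    if not (1 <= version <= 50 and 8 < length <= 100 * 1024 * 1024):
        return False
    if buf[off:off + 3] != b"CWS":
        return True
    try:  # a zlib-compressed body must start a valid zlib stream
        return bool(zlib.decompressobj().decompress(buf[off + 8:off + 4104], 64))
    except zlib.error:
        return False


def find_swf(buf: bytes) -> list[int]:
    """Offsets of every plausible SWF header in buf."""
    return [m.start() for m in SWF_RE.finditer(buf) if plausible_swf(buf, m.start())]


def scan_office_file(data: bytes) -> dict[str, list[int]]:
    """Map part name -> SWF offsets; OOXML parts are unzipped, others scanned raw."""
    parts = {"<raw>": data}
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            parts = {i.filename: zf.read(i) for i in zf.infolist()
                     if i.file_size <= MAX_PART}
    found = {name: find_swf(blob) for name, blob in parts.items()}
    return {name: offs for name, offs in found.items() if offs}


def make_sample_docx() -> bytes:
    """Constructed sample: a zip holding a harmless 64-byte SWF-shaped blob."""
    swf = b"CWS\x0a" + struct.pack("<I", 64) + zlib.compress(b"\x00" * 56)
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("word/activeX/activeX1.bin", b"\x00" * 16 + swf)
    return out.getvalue()
```

A non-empty result from `scan_office_file` is a reason to quarantine the attachment for analysis, not proof that the file is malicious.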

Trend Micro Smart Protection Network also provides protection by detecting the malicious files.
