New 0-day exploit (Flash Player)
#1
Quote: Zero-day spotted embedded in malicious Office documents uploaded on VirusTotal.

Adobe released patches today for a new zero-day vulnerability discovered in the company's popular Flash Player app. The zero-day has been spotted embedded inside malicious Microsoft Office documents. These documents were discovered last month after they were uploaded on VirusTotal, a web-based file scanning service, from a Ukrainian IP address.
If victims who received the documents allowed the Flash ActiveX object to execute, researchers said the malicious code would escalate its access from the Office app to the underlying OS. Here it would drop a JPG file, then unzip another RAR file attached at the end of this JPG file to drop an EXE file on the victim's PC, and then run this file (a basic barebones backdoor trojan).

Quote: Adobe released security updates for Flash Player that address two vulnerabilities, including a critical flaw, tracked as CVE-2018-15982, exploited in targeted attacks.
Adobe fixed two flaws including a critical use-after-free bug, tracked as CVE-2018-15982, exploited by an advanced persistent threat actor aimed at a healthcare organization associated with the Russian presidential administration.

The flaw could be exploited by attackers to execute arbitrary code; Adobe addressed it with the release of Flash Player 32.0.0.101 for Windows, macOS, Linux, and Chrome OS.

“Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address one critical vulnerability in Adobe Flash Player and one important vulnerability in Adobe Flash Player installer,” reads the security advisory published by Adobe.

“Successful exploitation could lead to Arbitrary Code Execution and privilege escalation in the context of the current user respectively.

Adobe is aware of reports that an exploit for CVE-2018-15982 exists in the wild.”

Adobe confirmed that it is aware of attacks exploiting the flaw in the wild.

Adobe has credited the following experts for reporting the CVE-2018-15982 flaw:
  • Chenming Xu and Ed Miles of Gigamon ATR
  • Yang Kang (@dnpushmen) and Jinquan (@jq0904) of Qihoo 360 Core Security (@360CoreSec)
  • He Zhiqiu, Qu Yifan, Bai Haowen, Zeng Haitao and Gu Liang of 360 Threat Intelligence of 360 Enterprise Security Group
  • independent researcher b2ahex
Attackers used decoy Word documents including a Flash file with the zero-day vulnerability. The Word document is included in a RAR archive with a JPG picture. When the Flash vulnerability is triggered, the malware extracts the RAT code embedded in the JPG picture.
First link: VirusTotal
Second link: EdgeSpot - Free online exploit detection service

Source: CVE-2018-15982 Adobe zero-day exploited in targeted attacks

[Image: document-1.png]

[Image: CVE-2018-15982.gif]
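Added example, not part of the original post or the quoted articles: a triage check for the delivery trick described above, where a RAR archive is attached after the end of a JPG file. It walks the JPEG segments to find the real end-of-image marker (so an embedded thumbnail's marker is not mistaken for it) and reports any RAR signature in the bytes that follow. Function names and the sample bytes are constructed for illustration.

```python
import struct

# Common prefix of the RAR 4.x and RAR 5.x file signatures.
RAR_MAGIC = b"Rar!\x1a\x07"

def jpeg_end(data: bytes) -> int:
    """Offset just past the JPEG EOI marker, or -1 if the structure is not a JPEG."""
    if data[:2] != b"\xff\xd8":                  # must start with SOI
        return -1
    i, in_scan = 2, False
    while i + 1 < len(data):
        if data[i] != 0xFF:
            if not in_scan:
                return -1                        # stray bytes between segments
            i += 1                               # entropy-coded image data
            continue
        marker = data[i + 1]
        if marker == 0xFF:                       # fill byte before a marker
            i += 1
        elif marker == 0x00 or 0xD0 <= marker <= 0xD7:
            i += 2                               # stuffed 0xFF or restart marker
        elif marker == 0xD9:                     # EOI: the image ends here
            return i + 2
        else:                                    # segment with a 2-byte length
            if i + 4 > len(data):
                return -1
            (seglen,) = struct.unpack(">H", data[i + 2:i + 4])
            if seglen < 2:
                return -1
            i += 2 + seglen                      # skips APPn thumbnails whole
            in_scan = marker == 0xDA             # SOS starts entropy-coded data
    return -1

def trailing_payload(data: bytes):
    """Describe what follows the image; None when the input is not a JPEG."""
    end = jpeg_end(data)
    if end < 0:
        return None
    off = data.find(RAR_MAGIC, end)
    return {"jpeg_end": end, "trailing_bytes": len(data) - end,
            "rar_offset": off if off >= 0 else None}

# Constructed sample: SOI, an APP1 segment holding a thumbnail-like SOI/EOI
# pair, an SOS header, four scan bytes with one stuffed 0xFF, then EOI.
CLEAN = (b"\xff\xd8" + b"\xff\xe1\x00\x06\xff\xd8\xff\xd9"
         + b"\xff\xda\x00\x02" + b"\x12\xff\x00\x34" + b"\xff\xd9")
TAINTED = CLEAN + RAR_MAGIC + b"\x00" + b"constructed-payload"

if __name__ == "__main__":
    print(trailing_payload(CLEAN))
    print(trailing_payload(TAINTED))
```

Any non-zero `trailing_bytes` on an image dropped by an Office or Flash process is worth a look; a `rar_offset` equal to `jpeg_end` matches the layout the article describes.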