Adobe Flash/Acrobat/Reader exploits-in-the-wild


37 replies to this topic

#1 AplusWebMaster


  • SWI Friend
  • 9,202 posts

Posted 05 June 2010 - 07:41 AM

FYI...

Adobe Flash/Acrobat/Reader vulns

- http://www.symantec....der-and-acrobat
June 6, 2010 - "We have confirmed the attacks that are exploiting the vulnerability (CVE-2010-1297) Adobe announced on its security advisory* are in the wild. The exploit takes advantage of an unpatched vulnerability in Flash Player, Adobe Reader, and Acrobat, and affects users regardless of whether they use Windows, Macintosh, Solaris, Linux, or UNIX... Attacks can take place in various situations with a few listed below:
• Receiving an email with a malicious PDF attachment.
• Receiving an email with a link to the malicious PDF file or a website with the malicious SWF imbedded in malicious HTML code.
• Stumbling across a malicious PDF or SWF file when surfing the web..."

- http://krebsonsecuri...acrobat-reader/
June 5, 2010

- http://blog.trendmic...en-in-the-wild/
June 5, 2010

- http://blogs.adobe.c...r_adobe_re.html
June 4, 2010

Adobe Flash Player vuln
- http://secunia.com/advisories/40026/
Release Date: 2010-06-05
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Vendor Workaround
Software: Adobe Flash Player 10.x, Adobe Flash Player 9.x ...
NOTE: The vulnerability is reportedly being actively exploited.
Solution: Reportedly, the latest version 10.1 Release Candidate is not affected...
- http://labs.adobe.co...shplayer10.html
Reported as a 0-day.
Original Advisory: Adobe:
* http://www.adobe.com.../apsa10-01.html

Adobe Reader/Acrobat vuln
- http://secunia.com/advisories/40034/
Release Date: 2010-06-05
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched ...
NOTE: The vulnerability is currently being actively exploited.
Solution: Delete, rename, or remove access to authplay.dll to prevent running SWF content in PDF files...
Reported as a 0-day.

:ph34r: :ph34r:

Edited by apluswebmaster, 06 June 2010 - 12:40 PM.

This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.


#2 AplusWebMaster


Posted 08 June 2010 - 01:16 PM

FYI...

Status update: Adobe vulnerabilities - exploits-in-the-wild ...
- http://www.adobe.com.../apsa10-01.html
Last updated: June 8, 2010 - "... We are in the process of finalizing a fix for the issue, and expect to provide an update for Flash Player 10.x for Windows, Macintosh, and Linux by June 10, 2010. The patch date for Flash Player 10.x for Solaris is still to be determined.
We expect to provide an update for Adobe Reader and Acrobat 9.3.2 for Windows, Macintosh and UNIX by June 29, 2010..."

- http://atlas.arbor.n...dex#-1218073436
Title: Adobe Flash, Reader, and Acrobat 0day authplay Vulnerability
Severity: Extreme Severity
June 09, 2010 - "Analysis: This is an active, critical issue being exploited in the wild. We have multiple sources of these attacks with minimal AV detection. We encourage sites to investigate remediation steps immediately to address this."
Source: http://www.us-cert.g.../TA10-159A.html

- http://www.f-secure....s/00001963.html
June 8, 2010 - "... spam run pushing a PDF exploit... screenshot of the PDF attachment..."

Adobe 0-day used in targeted attacks
- http://community.web...in-attacks.aspx
9 Jun 2010

- http://www.kb.cert.org/vuls/id/486225
Date Last Updated: 2010-06-09

- http://web.nvd.nist....d=CVE-2010-1297
Last revised: 06/09/2010
CVSS v2 Base Score: 9.3 (HIGH)

Mitigations for Adobe vulnerability: CVE-2010-1297
- http://www.sophos.co...hoslabs/?p=9954
June 8, 2010 - "...
1. Renaming authplay.dll: Our testing shows that this workaround, at least for this sample, works successfully (as claimed by Adobe). Acrobat will work normally on regular PDFs, but on exploited files (and potentially others with embedded SWF files), it will crash, but the exploit will fail.
2. Disabling JavaScript: As recommended previously, disabling JavaScript in Acrobat Reader is another workaround for this sample (since it relies on JavaScript to create the shellcode).
3. Alternative PDF reader: The exploit depends upon embedded SWF content, so PDF readers which ignore this ought to be safe..."

:ph34r:

Edited by apluswebmaster, 10 June 2010 - 12:13 PM.



#3 AplusWebMaster


Posted 10 June 2010 - 06:30 PM

FYI...

Adobe Flash v 10.1.53.64 released
- http://www.spywarein...ndpost&p=724870
June 10, 2010

Adobe Reader/Acrobat v9.3.3 released
- http://www.spywarein...ndpost&p=726244
June 29, 2010

:!:

Edited by apluswebmaster, 04 August 2010 - 08:13 AM.



#4 AplusWebMaster


Posted 04 August 2010 - 08:09 AM

FYI...

Adobe Reader 0-day, again...
- http://www.theregist...be_reader_vuln/
4 August 2010 - "... yet another vulnerability in Adobe Reader that allows hackers to execute malicious code on computers by tricking their users into opening booby-trapped files... Brad Arkin, senior director of product security and privacy at Adobe, said members of the company's security team attended Miller's talk and have since confirmed his claims that the vulnerability can lead to remote code execution. The team is in the process of developing a patch and deciding whether to distribute it during Adobe's next scheduled update release or as an “out-of-band” fix that would come out in the next few weeks..."
- http://blogs.adobe.com/adobereader/

- http://secunia.com/advisories/40766/
Last update: 2010-08-06
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched...
... Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in Adobe Reader versions 8.2.3 and 9.3.3 and Adobe Acrobat version 9.3.3. Other versions may also be affected...

:ph34r: :blink: :ph34r:

Edited by apluswebmaster, 10 August 2010 - 07:11 AM.



#5 live help india


    Member

  • New Member
  • 1 posts

Posted 05 August 2010 - 04:45 AM

Adobe is using sandbox in it as an improved feature which will protect the software from the malicious hacker. Very interesting feature, as Google is also having sandbox.

#6 AplusWebMaster


Posted 05 August 2010 - 05:21 AM

"Adobe is using sandbox..."

Not yet they aren't. It's still in development:
- http://www.theregist...reader_sandbox/
20 July 2010 - "... Arkin said the sandbox will debut with the next major revision of Reader, which he expects to ship sometime this year..."

For now, we're dealing with yet another 0-day:
- http://www.spywarein...ndpost&p=729482

- http://www.adobe.com.../apsb10-17.html
August 5, 2010 - "Adobe is planning to release updates for Adobe Reader 9.3.3 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.3 for Windows and Macintosh, and Adobe Reader 8.2.3 and Acrobat 8.2.3 for Windows and Macintosh to resolve critical security issues, including CVE-2010-2862... Adobe expects to make these updates available during the week of August 16, 2010... Note that these updates represent an out-of-band release. Adobe is currently scheduled to release the next quarterly security update for Adobe Reader and Acrobat on October 12, 2010..."
- http://blogs.adobe.c...nd-acrobat.html
___

- http://web.nvd.nist....d=CVE-2010-2862
Last revised: 08/21/2010

Adobe Reader v9.3.4 released
- http://www.spywarein...post__p__731066

:ph34r:

Edited by apluswebmaster, 23 August 2010 - 10:05 AM.



#7 AplusWebMaster


Posted 08 September 2010 - 10:55 AM

FYI...

- http://www.adobe.com.../apsa10-02.html
September 13, 2010 - "... A critical vulnerability exists in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2883) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild..."
- http://isc.sans.edu/...ml?storyid=9523
Last Updated: 2010-09-08 18:03:06 UTC
- http://web.nvd.nist....d=CVE-2010-2883
Last revised: 09/10/2010 - "... exploited in the wild in September 2010..."
CVSS v2 Base Score: 9.3

Adobe Reader/Acrobat vuln... unpatched
- http://secunia.com/advisories/41340/
Release Date: 2010-09-08
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched ...
...vulnerability is confirmed in versions 8.2.4 and 9.3.4. Other versions may also be affected.
NOTE: The vulnerability is currently being actively exploited.
Solution: Do not open untrusted files.
Provided and/or discovered by: Reported as a 0-day....

- http://www.virustota...da2b-1283972909
File name: Golf Clinic.pdf
Submission date: 2010-09-08 19:08:29 (UTC)
Result: 11/43 (25.6%)

(Better)...
- http://www.virustota...da2b-1284031469
File name: Golf Clinic.pdf
Submission date: 2010-09-09 11:24:29 (UTC)
Result: 21/43 (48.8%)

:grrr: :ph34r:

Edited by apluswebmaster, 14 September 2010 - 05:12 AM.



#8 AplusWebMaster


Posted 14 September 2010 - 05:13 AM

FYI...

0-day Flash vuln "exploit in the wild"...
- http://www.adobe.com.../apsa10-03.html
September 13, 2010 - "... A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Android operating systems. This vulnerability also affects Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2884*) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date.
We are in the process of finalizing a fix for the issue and expect to provide an update for Adobe Flash Player for Windows, Macintosh, Linux, Solaris, and Android operating systems during the week of September 27, 2010.
We expect to provide updates for Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 for Windows and Macintosh during the week of October 4, 2010..."
- http://isc.sans.edu/...ml?storyid=9544
Last Updated: 2010-09-14 00:40:35 UTC

* http://web.nvd.nist....d=CVE-2010-2884

- http://secunia.com/advisories/41434/
Release Date: 2010-09-14
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched ...

- http://securitytrack...ep/1024432.html
Sep 14 2010

:ph34r:

Edited by apluswebmaster, 15 September 2010 - 01:39 PM.



#9 AplusWebMaster


Posted 19 September 2010 - 07:41 AM

FYI...

Adobe Reader/Acrobat v9.4 update released
- http://www.spywarein...post__p__733877
October 5, 2010
___

Flash Player v10.1.85.3 released
- http://www.spywarein...post__p__733032
Sep. 20, 2010
___

Flash update 2010.09.20 ...
- http://www.adobe.com.../apsa10-03.html
Last updated: September 17, 2010 - "... We now expect to provide an update for Adobe Flash Player for Windows, Macintosh, Linux, Solaris, and Android operating systems on Monday September 20, 2010. A fix is now available for Google Chrome users. Chrome users can update to Chrome 6.0.472.62. To verify your current Chrome version number and update if necessary, follow the instructions here: http://googlechromer...updates_17.html (September 17, 2010). We expect to provide updates for Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 for Windows and Macintosh during the week of October 4, 2010..."
- http://web.nvd.nist....d=CVE-2010-2884
Last revised: 09/18/2010 - "... as exploited in the wild in September 2010..."
CVSS v2 Base Score: 9.3 (HIGH)
- http://xforce.iss.ne...orce/xfdb/61771
September 18, 2010 - High Risk

** http://www.google.co...en&answer=95414
"...You can tell if updates are available if the wrench icon on the browser toolbar has a little orange dot: update notification. To apply the update, just close and restart the browser..."

:ph34r:

Edited by AplusWebMaster, 05 October 2010 - 07:41 PM.



#10 AplusWebMaster


Posted 22 October 2010 - 08:55 AM

FYI...

Shockwave v11.5.9.615 released
- http://www.spywarein...post__p__735498
___

Shockwave Player vuln - unpatched
- http://secunia.com/advisories/41932/
Release Date: 2010-10-22
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched ...
The vulnerability is confirmed in version 11.5.8.612...
Solution: Do not visit untrusted websites*...
Original Advisory: Adobe:
http://www.adobe.com.../apsa10-04.html
Last updated: October 27, 2010 - "... As of October 27, Adobe is aware of reports of this vulnerability being exploited in the wild... We are in the process of finalizing a fix for the issue and expect to provide an update for Shockwave Player on October 28, 2010..."
http://blogs.adobe.c...-apsa10-04.html
"... vulnerability (CVE-2010-3653) could cause a crash and potentially allow an attacker to take control of the affected system..."
- http://web.nvd.nist....d=CVE-2010-3653
Last revised: 10/27/2010
CVSS v2 Base Score: 9.3 (HIGH)

* -and/or- UNINSTALL Shockwave Player. You can live without it.

:ph34r:

Edited by AplusWebMaster, 28 October 2010 - 02:31 PM.



#11 AplusWebMaster


Posted 28 October 2010 - 12:00 PM

FYI...

Adobe Flash... 0-day... unpatched
* http://www.adobe.com.../apsa10-05.html
Release date: October 28, 2010
CVE number: CVE-2010-3654
"A critical vulnerability exists in Adobe Flash Player 10.1.85.3 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems; Adobe Flash Player 10.1.95.2 and earlier versions for Android; and the authplay.dll component that ships with Adobe Reader 9.4 and earlier 9.x versions for Windows, Macintosh and UNIX operating systems, and Adobe Acrobat 9.4 and earlier 9.x versions for Windows and Macintosh operating systems. This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x. Adobe is not currently aware of attacks targeting Adobe Flash Player. We are in the process of finalizing a fix for the issue and expect to provide an update for Flash Player 10.x for Windows, Macintosh, Linux, and Android by November 9, 2010. We expect to make available an update for Adobe Reader and Acrobat 9.4 and earlier 9.x versions during the week of November 15, 2010..."

- http://secunia.com/advisories/41917/
Last Update: 2010-10-29
Criticality level: Extremely critical
NOTE: The vulnerability is currently being actively exploited...
... Adobe plans to release a fixed version on November 9, 2010.
... Reported as a 0-day.
Original Advisory: Adobe APSA10-05*

Adobe Reader/Acrobat ...
- http://secunia.com/advisories/42030/
...Adobe plans to release a fixed version on November 15, 2010.
Original Advisory: Adobe APSA10-05*

Chrome ...
- http://secunia.com/advisories/42031/

- http://www.theregist..._critical_vuln/
28 October 2010
- http://www.virustota...772a-1288229160
File name: nsunday.exe
Submission date: 2010-10-28
Result: 15/42 (35.7%)
There is a more up-to-date report (27/43) for this file...
- http://www.virustota...772a-1288324712
File name: 9F0CEFE847174185030A1F027B3813EC
Submission date: 2010-10-29
Result: 27/43 (62.8%)
___

- http://isc.sans.edu/...ml?storyid=9835
Last Updated: 2010-10-28 21:51:01 UTC - "... mitigation measures recommended by adobe:
Adobe Reader and Acrobat 9.x - Windows
Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains Flash (SWF) content.
The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.
Adobe Reader 9.x - Macintosh
1) Go to the Applications->Adobe Reader 9 folder.
2) Right Click on Adobe Reader.
3) Select Show Package Contents.
4) Go to the Contents->Frameworks folder.
5) Delete or move the AuthPlayLib.bundle file.
Acrobat Pro 9.x - Macintosh
1) Go to the Applications->Adobe Acrobat 9 Pro folder.
2) Right Click on Adobe Acrobat Pro.
3) Select Show Package Contents.
4) Go to the Contents->Frameworks folder.
5) Delete or move the AuthPlayLib.bundle file.
Adobe Reader 9.x - UNIX
1) Go to installation location of Reader (typically a folder named Adobe).
2) Within it browse to Reader9/Reader/intellinux/lib/ (for Linux) or Reader9/Reader/intelsolaris/lib/ (for Solaris).
3) Remove the library named "libauthplay.so.0.0.0."
More information at
- http://contagiodump....layer-zero.html ..."
___

- http://www.kb.cert.org/vuls/id/298081
2010-10-28 - "... consider the following workarounds: Disable Flash..."

ThreatCon... Elevated.
- http://www.symantec....eatconlearn.jsp
Oct. 29, 2010 - "... Adobe Flash Player, Adobe Reader, and Acrobat... vulnerability... being actively exploited in the wild..."

- http://web.nvd.nist....d=CVE-2010-3654
Last revised: 10/29/2010

:ph34r: :ph34r: :ph34r:

Edited by AplusWebMaster, 29 October 2010 - 02:31 PM.

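An added example, not part of the thread or of Adobe's advisory: a Python audit that walks an install root for the three authplay component names given in the workarounds above (authplay.dll, AuthPlayLib.bundle, libauthplay.so.0.0.0), reports which are still active, and can rename them. The `.disabled` suffix, the function names and the sample directory tree are assumptions constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

# Component names from the workaround steps quoted above, keyed in lower case.
AUTHPLAY_NAMES = {
    "authplay.dll": "Windows",
    "authplaylib.bundle": "Macintosh",
    "libauthplay.so.0.0.0": "UNIX",
}
DISABLED_SUFFIX = ".disabled"   # assumption: local convention for the renamed component


def classify(name):
    """Return (platform, state) for an authplay component name, else None."""
    lowered = name.lower()
    state = "active"
    if lowered.endswith(DISABLED_SUFFIX):
        lowered, state = lowered[: -len(DISABLED_SUFFIX)], "disabled"
    platform = AUTHPLAY_NAMES.get(lowered)
    return (platform, state) if platform else None


def audit(root):
    """Walk root and list every authplay component as (path, platform, state)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:   # the Macintosh component is a directory bundle
            verdict = classify(name)
            if verdict:
                findings.append((Path(dirpath) / name, *verdict))
        # A bundle that has been reported does not need to be descended into.
        dirnames[:] = [d for d in dirnames if classify(d) is None]
    return sorted(findings, key=lambda f: str(f[0]))


def disable(root, dry_run=True):
    """Rename each active component; return the (old, new) paths involved."""
    changes = []
    for path, _platform, state in audit(root):
        if state != "active":
            continue
        target = path.with_name(path.name + DISABLED_SUFFIX)
        if not dry_run:
            path.rename(target)
        changes.append((path, target))
    return changes


def build_sample_tree(base):
    """Create a constructed directory layout modelled on the quoted locations."""
    base = Path(base)
    for rel in (
        "Program Files/Adobe/Reader 9.0/Reader/authplay.dll",
        "Program Files/Adobe/Reader 9.0/Reader/AcroRd32.exe",
        "Program Files/Adobe/Acrobat 9.0/Acrobat/authplay.dll.disabled",
        "Adobe/Reader9/Reader/intellinux/lib/libauthplay.so.0.0.0",
        "Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/"
        "AuthPlayLib.bundle/Contents/Info.plist",
    ):
        target = base / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(b"")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(tmp)
        for path, platform, state in audit(root):
            print(f"{state:8} {platform:10} {path.relative_to(root)}")
        for old, new in disable(root, dry_run=True):
            print(f"would rename {old.name} -> {new.name}")
```

As the quoted advisory notes, a PDF that contains SWF content then produces a non-exploitable crash or error message, so the rename is a stopgap until the vendor update is installed.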


#12 AplusWebMaster


Posted 02 November 2010 - 09:05 PM

FYI...

Flash v10.1.102.64 released
- http://www.spywarein...post__p__736013
Critical
___

- http://isc.sans.edu/...ml?storyid=9892
Last Updated: 2010-11-04 22:27:50 UTC - "... current 'State of Adobe'...
Product Latest Version
PDF Reader - v9.4.0 - vulnerable: http://secunia.com/advisories/42095/
Flash Player - 10.1.102.64
Shockwave Player- 11.5.9.615 - vulnerable: http://secunia.com/advisories/42112/
Acrobat - 9.4.0 - vulnerable: http://web.nvd.nist....d=CVE-2010-3654
Air - 2.5 ..."
- http://isc.sans.edu/tag.html?tag=adobe
___

Flash update now expected 11.4.2010...
- http://www.adobe.com.../apsa10-05.html
Last updated: November 2, 2010 - "... We are in the process of finalizing a fix for the issue and expect to provide an update for Flash Player 10.x for Windows, Macintosh, Linux and Solaris by November 4, 2010. We expect to make available an update for Flash Player 10.x for Android by November 9, 2010..."
- http://web.nvd.nist....d=CVE-2010-3654
Last revised: 11/01/2010
CVSS v2 Base Score: 9.3 (HIGH)

:!:

Edited by AplusWebMaster, 05 November 2010 - 08:28 AM.



#13 AplusWebMaster


Posted 08 November 2010 - 07:43 AM

FYI...

More Adobe vulns ...

Adobe Reader vuln
- http://secunia.com/advisories/42095/
Last Update: 2010-11-17
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution: Update to version 9.4.1.

Adobe Shockwave Player vuln - unpatched
- http://secunia.com/advisories/42112/
Last Update: 2010-11-16
Criticality level: Moderately critical
Impact: System access
Where: From remote
Solution Status: Unpatched ...
... The vulnerability is confirmed in version 11.5.9.615. Other versions may also be affected.
Solution: Do not open the "Shockwave Settings" window when viewing Shockwave content..."
- http://www.securityt....com/id?1024682
Nov 4 2010
- http://web.nvd.nist....d=CVE-2010-4092
Last revised: 11/11/2010
CVSS v2 Base Score: 9.3 (HIGH)

* -and/or- UNINSTALL Shockwave Player. You can live without it.

:ph34r: :ph34r:

Edited by AplusWebMaster, 27 November 2010 - 09:55 AM.



#14 AplusWebMaster


Posted 10 November 2010 - 04:32 PM

Adobe Reader/Acrobat v9.4.1 released
- http://www.spywarein...post__p__736692
___

Adobe PDF Reader status:

- http://www.adobe.com.../apsb10-28.html
November 12, 2010 - "... updates for Adobe Reader 9.4... and Adobe Acrobat 9.4... Adobe expects to make updates for Windows and Macintosh available on Tuesday, November 16, 2010. An update for UNIX is expected to be available on Monday, November 30, 2010..."
- http://web.nvd.nist....d=CVE-2010-3654
Original release date: 10/29/2010 - Last revised: 11/11/2010
CVSS v2 Base Score: 9.3 (HIGH) "... as exploited in the wild in October 2010..."
- http://web.nvd.nist....d=CVE-2010-4091
Original release date: 11/07/2010 - Last revised: 11/11/2010
CVSS v2 Base Score: 9.3 (HIGH)
- http://secunia.com/advisories/42030/
Release Date: 2010-10-28
- http://secunia.com/advisories/42095/
Last Update: 2010-11-08

- http://contagiodump....-2010-3654.html
November 10, 2010

Alternative:
- http://www.spywarein...post__p__737380
FoxIt Reader v4.3.0.1110

:ph34r: :ph34r:

Edited by AplusWebMaster, 08 December 2010 - 10:45 AM.



#15 Gof


    Member

  • Security Colleague
  • 12 posts

Posted 13 November 2010 - 07:25 AM

Hello :)

Maybe interesting for you => (Adobe Reader, Adobe Acrobat, Foxit Reader, etc) PDF Current Threats

#16 AplusWebMaster


Posted 14 March 2011 - 04:40 PM

FYI...

Flash 0-day targeted attacks...
- http://isc.sans.edu/...l?storyid=10549
Last Updated: 2011-03-14 20:09:26 UTC - "Adobe posted a security advisory*... These attacks seem to be particularly sneaky – the Flash exploit is embedded in an Excel file which is also used to setup memory so the exploit has a higher chance of succeeding. We will keep an eye on this and if the 0-day starts being used in the wild..."
___

- http://blog.trendmic...-exploit-found/
Mar. 16, 2011
___

* http://www.adobe.com.../apsa11-01.html
March 14, 2011 - "Summary: A critical vulnerability exists in Adobe Flash Player 10.2.152.33 and earlier versions (Adobe Flash Player 10.2.154.13 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris operating systems, Adobe Flash Player 10.1.106.16 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1) and earlier 10.x and 9.x versions of Reader and Acrobat for Windows and Macintosh operating systems. This vulnerability (CVE-2011-0609) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment... We are in the process of finalizing a fix for the issue and expect to make available an update for Flash Player 10.x and earlier versions for Windows, Macintosh, Linux, Solaris and Android, and an update for Adobe Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh, Adobe Reader X (10.0.1) for Macintosh, and Adobe Reader 9.4.2 and earlier 9.x versions during the week of March 21, 2011..."

- http://blogs.adobe.c...h-schedule.html
March 14, 2011 - "... The current attack leverages a malicious Flash (.swf) file inside a Microsoft Excel (.xls) file. The .xls file is used to set up machine memory to take advantage of a crash triggered by the corrupted .swf file. The final step of the attack is to install persistent malware on the victim’s machine..."

- http://secunia.com/advisories/43751/
Release Date: 2011-03-15
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Adobe Flash Player 10.x
... The vulnerability is reportedly being actively exploited.
Solution: Adobe plans to release a fixed version during the week of March 21, 2011...

- http://secunia.com/advisories/43772
___

- http://www.us-cert.g...y_advisory_for6
March 15, 2011

- http://www.kb.cert.org/vuls/id/192052
Last Updated: 2011-03-15

- http://web.nvd.nist....d=CVE-2011-0609
Last revised: 03/15/2011
CVSS v2 Base Score: 9.3 (HIGH)

- http://www.securityt....com/id/1025210
Mar 15 2011
- http://www.securityt....com/id/1025211
Mar 15 2011

:grrr:

Edited by AplusWebMaster, 17 March 2011 - 12:10 PM.



#17 AplusWebMaster


Posted 21 March 2011 - 10:04 AM

FYI...

Flash/Reader/Acrobat critical updates released
- http://www.spywarein...post__p__743968
March 21, 2011
___

Flash 10.2 update - for Androids only...
- http://blogs.adobe.c...le-devices.html
March 18, 2011 - "... To see if your device is certified for Flash Player 10.2, visit:
- http://www.adobe.com...tified_devices/
___

- http://web.nvd.nist....d=CVE-2011-0609
Last revised: 03/15/2011
CVSS v2 Base Score: 9.3 (HIGH)
___

- http://www.adobe.com.../apsb11-02.html
Last updated: March 18, 2011 - "... Adobe recommends users of Adobe Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.2.152.26..."

- http://www.adobe.com.../apsa11-01.html
Last updated: March 18, 2011 - "... A critical vulnerability exists in Adobe Flash Player 10.2.152.33 and earlier... We are in the process of finalizing a fix for the issue and expect to make available an update for Flash Player 10.x and earlier versions for Windows, Macintosh, Linux, Solaris, and an update for Adobe Acrobat X (10.0.1) and earlier 10.x and 9.x versions for Windows and Macintosh, Adobe Reader X (10.0.1) for Macintosh, and Adobe Reader 9.4.2 and earlier 9.x versions during the week of March 21, 2011..."

.

Edited by AplusWebMaster, 21 March 2011 - 08:58 PM.



#18 AplusWebMaster


Posted 23 March 2011 - 07:30 AM

FYI...

PDF file loaded w/malware used in attack on Spotify...
- http://www.spywarein...post__p__744138
"... Blackhole Exploit Kit... One of the vulnerabilities the exploit kit uses is a vulnerability in Adobe Reader/Acrobat. The kit uses a heavily obfuscated PDF file..."
* http://www.virustota...7acf-1301413767
File name: L9FPB1.pdf
Submission date: 2011-03-29 15:49:27 (UTC)
Result: 12/43 (27.9%)
___

Flash exploits in-the-wild - SPAM attachments...
- http://www.f-secure....s/00002127.html
March 23, 2011 - "Attackers have been taking advantage of the situation in Japan to trick their targets into opening malicious files. These cases have used infected Excel attachments with Flash exploits... Another sample we've seen (md5:20ee090487ce1a670c192f9ac18c9d18) is an Excel file containing an embedded Flash object that exploits a known vulnerability (CVE-2011-0609). When the XLS file is opened, it shows an empty Excel spreadsheet and starts exploit code via a Flash object. The Flash object starts by doing a heap-spray... the Flash object constructs and loads a second Flash object in runtime... This second Flash object is the main exploit in this malware and it exploits CVE-2011-0609 to execute the shellcode in the heap... As an aside: the main exploit appears to have been delivered in this fashion in an attempt to evade detection. As it is loaded in memory, no physical file is available for scanning by an antivirus engine. Embedding the Flash object that loads the main exploit in an Excel file may be an attempt to further disguise the attack... users should update their Flash player as Adobe has already released a patch for this particular vulnerability. For more information, please see their security advisory*..."
(Screenshots available at the URL above.)
* http://www.spywarein...post__p__743968
Flash Player v10.2.153.1 released

- http://www.f-secure....s/00002127.html
March 23, 2011

- http://sunbeltblog.b...less-japan.html

- http://web.nvd.nist....d=CVE-2011-0609
Last revised: 03/31/2011
CVSS v2 Base Score: 9.3 (HIGH)
"... as exploited in the wild in March 2011..."

:!: :ph34r:

Edited by AplusWebMaster, 02 April 2011 - 06:37 AM.

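An added example, not from the thread or the quoted vendors: a Python triage scan for the delivery pattern described above, a Flash object carried inside an Office or PDF attachment. It looks for validated SWF headers (FWS/CWS) in the raw bytes and inside Flate-compressed PDF streams; the function names, the version bound and all sample documents are constructed assumptions.

```python
import re
import struct
import zlib

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # OLE2 compound file (.xls, .doc)
SWF_SIG = re.compile(rb"[FC]WS")                # FWS = plain SWF, CWS = zlib-compressed SWF
PDF_STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
MIN_SWF_LEN = 13        # 8-byte header + smallest RECT + frame rate + frame count
MAX_SWF_VERSION = 50    # assumption: sanity bound that rejects most ASCII text


def container_type(data):
    """Classify the outer file by its magic bytes."""
    if data.startswith(OLE_MAGIC):
        return "ole"
    if b"%PDF-" in data[:1024]:
        return "pdf"
    return "unknown"


def check_swf_header(data, off):
    """Validate a candidate SWF header at off; return its fields or None."""
    if off + 8 > len(data):
        return None
    sig, version = data[off:off + 3], data[off + 3]
    (length,) = struct.unpack_from("<I", data, off + 4)   # declared uncompressed size
    if not 1 <= version <= MAX_SWF_VERSION or length < MIN_SWF_LEN:
        return None
    if sig == b"FWS":
        if off + length > len(data):        # a plain SWF must fit inside the container
            return None
    else:
        try:                                # a CWS body must begin a valid zlib stream
            head = zlib.decompressobj().decompress(data[off + 8:off + 8 + 4096], 64)
        except zlib.error:
            return None
        if not head:
            return None
    return {"signature": sig.decode(), "version": version,
            "declared_length": length, "offset": off}


def find_swf(data, where):
    """Return every validated SWF header found in data."""
    hits = []
    for match in SWF_SIG.finditer(data):
        hit = check_swf_header(data, match.start())
        if hit:
            hit["where"] = where
            hits.append(hit)
    return hits


def scan_document(data):
    """Scan raw bytes, then the inflated content of each PDF stream."""
    kind = container_type(data)
    hits = find_swf(data, "raw")
    if kind == "pdf":
        for index, match in enumerate(PDF_STREAM.finditer(data)):
            try:
                inflated = zlib.decompressobj().decompress(match.group(1))
            except zlib.error:
                continue                    # stream is not Flate-encoded
            hits += find_swf(inflated, f"pdf-stream-{index}")
    return {"container": kind, "embedded_swf": hits}


def make_swf(compressed=False, version=10):
    """Build a tiny constructed SWF: empty RECT, 24 fps, 1 frame, End-tag filler."""
    body = b"\x00" + b"\x00\x18" + b"\x01\x00" + b"\x00" * 64
    length = struct.pack("<I", 8 + len(body))
    if compressed:
        return b"CWS" + bytes([version]) + length + zlib.compress(body)
    return b"FWS" + bytes([version]) + length + body


# Constructed samples: only the magic bytes of each container are realistic.
SAMPLE_XLS = OLE_MAGIC + b"\x00" * 504 + make_swf(compressed=True) + b"\x00" * 64
SAMPLE_PDF = (b"%PDF-1.7\n1 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
              + zlib.compress(make_swf()) + b"\nendstream\nendobj\n")
SAMPLE_CLEAN = b"%PDF-1.4\n% FWS and CWS are only mentioned in this text\n"

if __name__ == "__main__":
    for name, blob in (("xls", SAMPLE_XLS), ("pdf", SAMPLE_PDF), ("clean", SAMPLE_CLEAN)):
        print(name, scan_document(blob))
```

In a real OLE2 file a stream can be split across non-contiguous sectors, so a hit locates the SWF header; extracting the whole object needs a compound-file parser.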


#19 AplusWebMaster


Posted 11 April 2011 - 04:35 PM

FYI...

Flash 0-day exploit in-the-wild ...
- http://krebsonsecuri...eing-exploited/
April 11, 2011 3:32 pm - "Attackers are exploiting a previously unknown security flaw in Adobe’s ubiquitous Flash Player software to launch targeted attacks, according to several reliable sources... the attacks exploit a vulnerability in fully-patched versions of Flash, and are being leveraged in targeted spear-phishing campaigns launched against select organizations and individuals that work with or for the U.S. government. Sources say the attacks so far have embedded the Flash exploit inside of Microsoft Word files made to look like important government documents... A scan of one tainted file used in this attack that was submitted to Virustotal.com* indicates that just one out of 42 anti-virus products used to scan malware at the service detected this thing as malicious..."
* http://www.virustota...507f-1302359653
File name: Disentangling Industrial Policy and Competition Policy.doc
Submission date: 2011-04-09 14:34:13 (UTC)
Result: 1/42 (2.4%)
There is a more up-to-date report...
- http://www.virustota...507f-1304526431
File name: Disentangling Industrial Policy and Competition Policy.doc
Submission date: 2011-05-04 16:27:11 (UTC)
Result: 29/41 (70.7%)

Screenshot of malicious e-mail:
- http://regmedia.co.u...icous_email.jpg
___

Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat
- http://www.adobe.com.../apsa11-02.html
April 11, 2011
CVE number: http://web.nvd.nist....d=CVE-2011-0611
A critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 10.2.156.12 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems. This vulnerability (CVE-2011-0611) could cause a crash and potentially allow an attacker to take control of the affected system... We are in the process of finalizing a schedule for delivering updates...
Affected software versions:
• Adobe Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
• Adobe Flash Player 10.2.154.25 and earlier for Chrome users
• Adobe Flash Player 10.2.156.12 and earlier for Android
• The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems
NOTE: Adobe Reader 9.x for UNIX, Adobe Reader for Android, and Adobe Reader and Acrobat 8.x are not affected by this issue...

- http://secunia.com/advisories/44119/
Release Date: 2011-04-12
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
... The vulnerability is currently being actively exploited via Office Word documents (.doc) containing malicious Flash content...
Original Advisory: Adobe:
http://blogs.adobe.c...-apsa11-02.html

- http://secunia.com/advisories/44149/
Release Date: 2011-04-12
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
... The vulnerability is caused due to a vulnerable bundled version of Flash Player (authplay.dll)...

- http://www.securityt....com/id/1025324
Apr 12 2011
- http://www.securityt....com/id/1025325
Apr 12 2011

:grrr: :ph34r:

Edited by AplusWebMaster, 07 May 2011 - 06:24 AM.

#20 AplusWebMaster

Posted 14 April 2011 - 04:43 AM

FYI...

Adobe Reader, Acrobat security updates
- http://www.spywarein...post__p__745404
April 21, 2011
___

Flash Player v10.2.159.1 released
- http://www.spywarein...post__p__745075
___

Flash, Reader, Acrobat critical updates scheduled...
- http://www.adobe.com.../apsa11-02.html
April 13, 2011 - "... We... expect to make available an update for Flash... on Friday, April 15, 2011. We expect to make available an update for Adobe Acrobat... and Adobe Reader... no later than the week of April 25, 2011..."

- http://web.nvd.nist....d=CVE-2011-0611
Last revised: 04/13/2011
CVSS v2 Base Score: 9.3 (HIGH)
"... as exploited in the wild in April 2011..."

:ph34r:

Edited by AplusWebMaster, 21 April 2011 - 02:25 PM.

#21 AplusWebMaster

Posted 20 April 2011 - 05:45 AM

FYI...

Drive-by Flash cache attacks...
- http://www.theregist...drive_by_cache/
19 April 2011 - "Miscreants have deployed a subtle variant of the well established drive-by-download attack tactics against the website of human rights organisation Amnesty International. In traditional drive-by-download attacks malicious code is planted on websites. This code redirects surfers to an exploit site, which relies on browser vulnerabilities or other exploits to download and execute malware onto visiting PCs. The attack on the Amnesty website, detected by security firm Armorize*, relied on a different sequence of events. In this case, malicious scripts are used to locate the malware which is already sitting in the browser's cache directory, before executing it. This so-called drive-by cache approach makes attacks harder to detect because no attempt is made to download a file and write it to disk, a suspicious maneuver many security software packages are liable to detect. By bypassing this step dodgy sorts are more likely to slip their wares past security software undetected. The Amnesty International attack ultimately relied on an Adobe Flash zero-day exploit, patched by Adobe** late last week..."
* http://blog.armorize...sed-in-new.html

- http://www.virustota...c227-1303129354
File name: display[1].swf
Submission date: 2011-04-18 12:22:34 (UTC)
Result: 1/40 (2.5%)

** Flash Player v10.2.159.1 released
- http://www.spywarein...post__p__745075

:grrr: :ph34r:

Edited by AplusWebMaster, 20 April 2011 - 07:39 PM.

#22 AplusWebMaster

Posted 13 May 2011 - 01:51 PM

FYI...


> http://www.spywarein...post__p__746537
"... update to Adobe Flash Player 10.3.181.14..."
- http://www.securityt....com/id/1025533
May 13 2011 - "... One of the vulnerabilities [CVE-2011-0627*] is being actively exploited on Windows-based systems via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file and delivered via email attachment..."
* http://web.nvd.nist....d=CVE-2011-0627
Last revised: 05/13/2011

:!: :!:

Edited by AplusWebMaster, 13 May 2011 - 08:44 PM.

#23 AplusWebMaster

Posted 06 June 2011 - 12:29 PM

FYI...

Hacks exploit Flash bug in new attacks against Gmail users
- http://www.computerw...nst_Gmail_users
June 6, 2011 - "Adobe today confirmed that the Flash Player bug it patched Sunday is being used to steal login credentials of Google's Gmail users... '... we cannot assume that other Web mail providers may not be targeted as well'..."

> http://www.spywarein...post__p__748293

:grrr: :ph34r:

Edited by AplusWebMaster, 06 June 2011 - 08:34 PM.

#24 AplusWebMaster

Posted 15 June 2011 - 10:57 AM

FYI...

- http://secunia.com/advisories/44964/
Release Date: 2011-06-15 ... vulnerability is reportedly being actively exploited in targeted attacks... (Flash Player) 10.3.181.23 and earlier...
Solution: Apply updates... (10.3.181.26*)...

- http://www.securityt....com/id/1025651
Jun 14 2011 - CVE-2011-2110
... This vulnerability is being actively exploited via targeted web pages.
Impact: A remote user can create Flash content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: The vendor has issued a fix 10.3.181.26*...

* http://www.spywarein...post__p__749041

:!: :ph34r:

Edited by AplusWebMaster, 15 June 2011 - 11:32 AM.

#25 AplusWebMaster

Posted 17 June 2011 - 01:34 PM

FYI...

Flash exploits on the loose...
- http://www.shadowser...lendar/20110617
17 June 2011 - "... earlier in the week Adobe issued multiple security updates, which included an update for Adobe Flash Player by way of APSB11-18. What you may not know is that the issue fixed by this update, CVE-2011-2110, is being exploited in the wild on a fairly large scale. In particular this exploit is showing up as a drive-by in several legitimate websites, including those belonging to various NGOs, aerospace companies, a Korean news site, an Indian Government website, and a Taiwanese University. The links are also being used in targeted spear phishing attacks designed to lure particular individuals into clicking the links with hopes of compromising their machines. In case there is any doubt at all, this is very bad. If you run a version of Adobe Flash that is -older- than 10.3.181.26 (or 10.3.181.24 for Android), then it is absolutely -critical- that you update your Flash Player. You can check your Flash version by clicking here*...
* http://kb2.adobe.com...5/tn_15507.html
... exploit takes advantage of a vulnerability in the ActionScript Virtual Machine. It then uses heap information leakage in order to avoid spraying the heap and crashing the process. The exploit is also able to bypass Window's data execution prevention (DEP)... We are aware of several sites in the wild that are either compromised and pointing to exploits or are actually housing the exploits themselves. In some cases a single site may be both compromised and housing the malicious download. Right now we only have a limited set of exploit sites we can share due to various restrictions...
Note: Do not visit these URLs as they are malicious and should be considered dangerous..."
(More detail and list at the shadowserver URL above.)

>> http://www.spywarein...post__p__749041

- http://web.nvd.nist....d=CVE-2011-2110
Last revised: 06/17/2011
CVSS v2 Base Score: 10.0 (HIGH)
"... before 10.3.181.26... as exploited in the wild..."
___

MMPC Telemetry on CVE-2011-2110 Attack Attempts during June 17 – 30, 2011
- http://www.microsoft.../BID593-004.png
1 Jul 2011
- http://blogs.technet...nerability.aspx
___

- http://www.malwaredo...rdpress/?p=1872
June 17th, 2011 in 0day, Domain News - "... Several domains containing malicious payloads are listed. We’ll be adding these domains on the next update, but you should add the domains and IP addresses to your domain and ip blocklist ASAP."

:ph34r: :ph34r:

Edited by AplusWebMaster, 02 July 2011 - 05:49 AM.

#26 AplusWebMaster

Posted 17 July 2011 - 07:32 PM

FYI...

60% of Adobe Reader users unpatched...
- http://www.darkreadi...le/id/231001642
Jul 13, 2011 - "Six out of every 10 users of Adobe Reader are running unpatched versions of the program, leaving them vulnerable to a variety of malware attacks... In a study of its own antivirus users, Avast Software found that 60.2 percent of those with Adobe Reader were running a vulnerable version of the program... More than 80 percent of Avast users run a version of Adobe Reader... Brad Arkin, senior director of product security and privacy at Adobe, agreed with the Avast analysis. "We find that most consumers don't bother updating a free app, such as Adobe Reader, as PDF files can be viewed in the older version," he said... Malware PDF exploit packages will typically look for a variety of security weaknesses in the targeted computer, attacking when an uncovered vulnerability is discovered..."

:ph34r: :scratchhead:

#27 AplusWebMaster

Posted 10 August 2011 - 03:44 PM

FYI...

Adobe Reader - Unpatched in the Enterprise ...
- http://www.zscaler.c...-Web-2011Q2.pdf
Zscaler 2011-Q2 Report PDF pg. 12 - "... Adobe reader is installed in 83% of all enterprise browsers, and is out of date in 56% of those installations... the increasingly popular Blackhole Exploit kit includes a variety of payloads designed to target recent Adobe Reader vulnerabilities..."
August 10, 2011

Graphic: Out-of-date plugins
- http://i.zdnet.com/b...ser_plugins.png
August 9, 2011

- http://www.h-online....iew=zoom;zoom=1
16 August 2011

:blink: :!: :ph34r:

Edited by AplusWebMaster, 16 August 2011 - 08:06 PM.

#28 AplusWebMaster

Posted 06 December 2011 - 05:02 PM

FYI...

Adobe Reader/Acrobat Security Advisory - APSA11-04
- http://www.adobe.com.../apsa11-04.html
December 6, 2011
Summary: "A critical vulnerability has been identified in Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for UNIX, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh. This vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that the vulnerability is being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows. We are in the process of finalizing a fix for the issue and expect to make available an update for Adobe Reader 9.x and Acrobat 9.x for Windows no later than the week of December 12, 2011. Because Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X and Acrobat X for Windows with the next quarterly security update for Adobe Reader and Acrobat, currently scheduled for January 10, 2012. We are planning to address this issue in Adobe Reader and Acrobat X and earlier versions for Macintosh as part of the next quarterly update scheduled for January 10, 2012. An update to address this issue in Adobe Reader 9.x for UNIX is planned for January 10, 2012. For further context on this schedule, please see the corresponding ASSET blog* post."
* http://blogs.adobe.c...-2011-2462.html
December 6, 2011

- http://web.nvd.nist....d=CVE-2011-2462
Last revised: 12/08/2011
CVSS v2 Base Score: 10.0 (HIGH)
"... as exploited in the wild in December 2011..."

- http://h-online.com/-1391441
7 December 2011

Reader 0-day exploit in-the-wild...
- http://www.symantec....-exploited-wild
___

- http://www.securityt....com/id/1026376
Dec 6 2011
Impact: Execution of arbitrary code via network, User access via network
... A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system. The code will run with the privileges of the target user...

- https://secunia.com/advisories/47133/
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
CVE Reference: CVE-2011-2462
Solution: Do not open untrusted PDF files. A fix is scheduled to be released for Adobe Reader and Acrobat 9.x for Windows in the week of December 12, 2011.
Provided and/or discovered by: Reported as a 0-day.
Original Advisory: http://www.adobe.com.../apsa11-04.html

:ph34r:

Edited by AplusWebMaster, 11 December 2011 - 12:17 PM.

#29 AplusWebMaster

Posted 08 December 2011 - 07:54 AM

FYI...

Flash Player 0-day vulns - unpatched
- http://www.securityt....com/id/1026392
Date: Dec 8 2011
Impact: Execution of arbitrary code via network, User access via network...
Version(s): 11.1.102.55 and prior versions
Description: Two vulnerabilities were reported in Adobe Flash Player. A remote user can cause arbitrary code to be executed on the target user's system...
Impact: A remote user can create Flash content that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution: No solution was available at the time of this entry.
___

- http://arstechnica.c...ware-vendor.ars
December 8, 2011 - "InteVyDis, a Russian firm specializing in packaging software security exploits, has released a software module that can give a remote computer access to an up-to-date Windows 7 machine running the most recent version of Adobe Flash Player 11..."
___

- http://web.nvd.nist....d=CVE-2011-4693
CVSS v2 Base Score: 9.3 (HIGH)
- http://web.nvd.nist....d=CVE-2011-4694
CVSS v2 Base Score: 9.3 (HIGH)
Original release date: 12/07/2011
Last revised: 12/13/2011

- https://isc.sans.edu...l?storyid=12166
Last Updated: 2011-12-08 21:52:32 UTC

- https://secunia.com/advisories/47161/
Release Date: 2011-12-08
Criticality level: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
... vulnerability is reported in version 11.1.102.55. Other versions may also be affected.
Solution: Do not browse untrusted sites or disable the player.
Original Advisory:
- http://archives.neoh...11-q4/0081.html
Dec 06 2011 - "... bypasses DEP/ASLR and works on Win7/WinXP with FF, Chrome and IE..."

Oracle Solaris Adobe Flash Player...
- https://secunia.com/advisories/47180/
Release Date: 2011-12-09
Criticality level: Highly critical...

:!: :ph34r:

Edited by AplusWebMaster, 10 January 2012 - 05:17 PM.

#30 AplusWebMaster

Posted 15 December 2011 - 08:43 AM

FYI...

- http://www.spywarein...post__p__759179
Dec. 16, 2011
___

- http://www.symantec....eatconlearn.jsp
Updated: Dec 21 - "... For the period of December 8, 2011 through December 20, 2011, Symantec intelligence products have detected a total of -780- attempted exploits of CVE-2011-2462*. Exercise extreme caution when opening PDF files from untrusted sources. Any email attachments received from unfamiliar senders or unexpectedly from known senders should be treated suspiciously. Email attachments are a common vector for targeted attacks using vulnerabilities of this kind..."
___

- https://www.adobe.co.../apsa11-04.html
Last updated: December 15, 2011 - "... We are in the process of finalizing a fix for the issue and expect to make available an update for Adobe Reader 9.x and Acrobat 9.x for Windows on December 16, 2011..."

* http://web.nvd.nist....d=CVE-2011-2462
Last revised: 12/21/2011
CVSS v2 Base Score: 10.0 (HIGH)
"... as exploited in the wild in December 2011..."

:!: :ph34r:

Edited by AplusWebMaster, 21 December 2011 - 08:53 AM.

#31 AplusWebMaster

Posted 24 February 2012 - 08:59 AM

FYI...

Flash Player v11.1.102.62 update
- http://www.symantec....eatconlearn.jsp
Feb 24, 2012 - "On February 15, 2012, Adobe released a patch for Flash Player fixing vulnerabilities on all platforms. One of these is a cross-site scripting (XSS) vulnerability that is being exploited in the wild through links in emails (CVE-2012-0767*, BID 52040). A cross-site scripting vulnerability can allow an attacker to make HTTP requests masquerading as the affected user. Since this vulnerability was reported by Google, it is likely that it has been used in attempted attacks on Gmail accounts - similarly to the XSS vulnerability exploited in June 2011 to infiltrate victims' Gmail accounts (CVE-2011-2107). An attacker must entice a user into visiting a malicious link in the email to trigger the vulnerability. Customers are advised to install applicable updates as soon as possible.
Adobe Security Bulletin: Security update available for Adobe Flash Player ..."
http://www.spywarein...post__p__762374

* http://web.nvd.nist....d=CVE-2012-0767
Last revised: 02/25/2012 - "... before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x... as exploited in the wild in February 2012"

:!: :ph34r:

Edited by AplusWebMaster, 25 February 2012 - 10:24 AM.

#32 AplusWebMaster

Posted 09 March 2012 - 12:13 PM

FYI...

Flash exploit released...
- http://atlas.arbor.n...ndex#-957676977
Severity: Elevated Severity
Published: Thursday, March 08, 2012 20:33
An exploit for a month-old Adobe Flash vulnerability has been released to the public. Ensure systems are protected.
Analysis: This security vulnerability, patched on Feb 15th, was used in a targeted attack around March 5th
- http://contagiodump....ns-oil-and.html *
... and now a Metasploit module has been released to the public. Given the widespread install base of Flash, users are strongly encouraged to ensure that patching has taken place. Now that the code is public, it will likely be used in commodity exploit kits very soon to install malware."
* http://web.nvd.nist....d=CVE-2012-0754 - 10.0 (HIGH)

* https://www.virustot...5ca62/analysis/
File name: us.exe
Detection ratio: 27/43
Analysis date: 2012-03-07 16:19:36 UTC
* https://www.virustot...sis/1331313285/
File name: CVE-2012-0744-xls.swf
Detection ratio: 8/43
Analysis date: 2012-03-09 17:14:45 UTC
* https://www.virustot...3f4a4/analysis/
File name: 12e36f86ce54576cc38b2edfd13e3a5aa6c8d51c.bin
Detection ratio: 24/43
Analysis date: 2012-03-10 23:57:50 UTC

>> http://www.spywarein...post__p__763340

:( :!: :ph34r:

Edited by AplusWebMaster, 10 March 2012 - 10:28 PM.

#33 AplusWebMaster

Posted 07 November 2012 - 05:36 PM

FYI...

Adobe PDF Reader 0-day in-the-wild ...
- https://krebsonsecur...r-adobe-reader/
Nov 7th, 2012 - "Software vendor Adobe says it is investigating claims that instructions for exploiting a previously unknown critical security hole in the latest versions of its widely-used PDF Reader software are being sold in the cybercriminal underground. The finding comes from malware analysts at Moscow-based forensics firm Group-IB, who say they’ve discovered that a new exploit capable of compromising the security of computers running Adobe X and XI (Adobe Reader 10 and 11) is being sold in the underground for up to $50,000. This is significant because — beginning with Reader X– Adobe introduced a “sandbox” feature aimed at blocking the exploitation of previously unidentified security holes in its software, and so far that protection has held its ground. But according to Andrey Komarov, Group-IB’s head of international projects, this vulnerability allows attackers to sidestep Reader’s sandbox protection...
> https://www.youtube....GF8VDBkK0M#t=0s
... Adobe spokeswoman Wiebke Lips said the company was not contacted by Group-IB, and is unable to verify their claims, given the limited amount of information currently available... Group-IB says the vulnerability is included in a new, custom version of the Blackhole Exploit Kit, a malicious software framework sold in the underground that is designed to be stitched into hacked Web sites and deploy malware via exploits such as this one... consumers should realize that there are several PDF reader options apart from Adobe’s, including Foxit, PDF-Xchange Viewer, Nitro PDF and Sumatra PDF*."
* http://blog.kowalczy...pdf-viewer.html
___

- http://h-online.com/-1746442
8 Nov 2012

:ph34r: :ph34r:

Edited by AplusWebMaster, 08 November 2012 - 10:53 AM.

#34 AplusWebMaster

Posted 19 December 2012 - 06:00 PM

FYI...

Shockwave player - vulnerable Flash runtime
* http://www.kb.cert.org/vuls/id/323161
Last revised: 17 Dec 2012 - "Adobe Shockwave Player 11.6.8.638 and earlier versions on the Windows and Macintosh operating systems provide a vulnerable version of the Flash runtime..."

- http://h-online.com/-1772754
19 Dec 2012 - "US-CERT has warned that a security hole exists in Adobe's Shockwave Player*. Version 11.6.8.638 and earlier versions that were installed using the company's "Full" installer are affected. These all include an older version of Flash (10.2.159.1) that contains several exploitable vulnerabilities. Shockwave uses a custom Flash runtime instead of a globally installed Flash plugin. According to US-CERT, the Flash vulnerabilities can be exploited to execute arbitrary code at the user's privilege level via specially crafted Shockwave content. As the Shockwave Player tends to be used only rarely, simply uninstalling the software can provide protection. Adobe is even offering an uninstaller** for this purpose..."
** https://www.adobe.co...oad/alternates/
(See "Shockwave Player Uninstaller".)

- https://krebsonsecur...-shockwave-bug/
Dec 19, 2012 - "... U.S. CERT first warned Adobe about the vulnerability in October 2010, and Adobe says it won’t be fixing it until February 2013..."

- http://www.securityt....com/id/1027903
- http://www.securityt....com/id/1027904
- http://www.securityt....com/id/1027905
Dec 20 2012

- https://web.nvd.nist...d=CVE-2012-6270 - 9.3 (HIGH)
- https://web.nvd.nist...d=CVE-2012-6271 - 9.3 (HIGH)

:blink: :ph34r: :ph34r:

Edited by AplusWebMaster, 24 December 2012 - 10:47 AM.

#35 AplusWebMaster

Posted 01 February 2013 - 07:15 AM

FYI...

Backdoor/phish targets...
- http://www.symantec....efense-industry
30 Jan 2013 - "... we observed a spear phishing campaign targeting groups in the aerospace and defense industry. We identified at least -12- different organizations targeted in this attack. These organizations include aviation, air traffic control, and government and defense contractors...
> https://www.symantec...s/Figure1_3.png
... The attackers used a report published in 2012 regarding the outlook of the aerospace and defense industries as the lure. The intention of the attackers was to make it seem as though this email originally came from the company that authored the report. The emails were also crafted to look as though they were being forwarded by internal employees or by individuals from within the industries identified. When the malicious PDF attached to the email is opened, it attempts to exploit the Adobe Flash Player CVE-2011-0611 'SWF' File Remote Memory Corruption Vulnerability. If successful, it drops malicious files as well as a clean PDF file to keep the ruse going.
> https://www.symantec.../Figure2New.png
In addition to the clean PDF file, the threat drops a malicious version of the svchost.exe file. This file then drops a malicious version of ntshrui.dll into the Windows directory. The threat leverages a technique known as DLL search order hijacking (the ntshrui.dll file is not protected by KnownDLLs). When the svchost.exe file calls the explorer.exe file, it will load the malicious ntshrui.dll file in the Windows folder -instead- of the legitimate ntshrui.dll file in the Windows system directory. Symantec detects both the svchost.exe and ntshrui.dll files as Backdoor.Barkiofork. This version of Backdoor.Barkiofork has the following capabilities:
• Enumerates disk drives
• Contacts the command-and-control (C&C) server at osamu.update .ikwb .com *
• Steals system information
• Downloads and executes further updates
This spear phishing campaign continues to show the sophistication and preparation of attackers, especially gathering intelligence on what social engineering will best entice targets. Organizations should ensure proper email security is in place and also make patch management a priority, as the vulnerability exploited here was patched in 2011."
* 192.74.239.245 / https://www.google.c...c?site=AS:54600
 

:grrr: :ph34r:


This machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
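The DLL search order hijack described in the Symantec excerpt above (a planted ntshrui.dll in the Windows directory shadowing the System32 copy) can be hunted for from a plain file inventory. The following is an added example, not part of the original post or of Symantec's write-up; the inventory, the KnownDLLs subset and the function names are constructed, and the loader's search order is simplified to KnownDLLs, application directory, System32, Windows directory.

```python
import ntpath

SYSTEM_DIR = r"C:\Windows\System32"
WINDOWS_DIR = r"C:\Windows"

# Constructed subset of names such as the KnownDLLs registry key would list.
KNOWN_DLLS = {"kernel32.dll", "user32.dll", "shell32.dll", "ole32.dll"}

# Constructed file inventory of one host (sample data for this example).
FILES = [
    r"C:\Windows\explorer.exe",
    r"C:\Windows\ntshrui.dll",            # planted copy, as in the excerpt
    r"C:\Windows\System32\ntshrui.dll",   # legitimate copy
    r"C:\Windows\System32\shell32.dll",
    r"C:\Windows\shell32.dll",            # KnownDLL name: never resolved from here
    r"C:\Windows\System32\svchost.exe",
    r"C:\Program Files\App\app.exe",
    r"C:\Program Files\App\helper.dll",   # private DLL with no System32 twin
]


def _norm(path):
    """Case-insensitive, separator-normalised Windows path."""
    return ntpath.normcase(ntpath.normpath(path))


def resolve_dll(dll_name, exe_path, files, known_dlls=KNOWN_DLLS):
    """Return the path a process at exe_path would load for dll_name under
    the simplified search order, or None if no copy is found."""
    present = {_norm(f) for f in files}
    name = dll_name.lower()
    if name in known_dlls:
        # KnownDLLs are mapped from the system directory without a search.
        return _norm(ntpath.join(SYSTEM_DIR, name))
    for directory in (ntpath.dirname(exe_path), SYSTEM_DIR, WINDOWS_DIR):
        candidate = _norm(ntpath.join(directory, name))
        if candidate in present:
            return candidate
    return None


def find_shadowing_dlls(files, known_dlls=KNOWN_DLLS):
    """Flag DLLs that sit beside an executable, share a name with a System32
    DLL, and are not pinned by KnownDLLs (so the nearby copy wins)."""
    present = {_norm(f) for f in files}
    system_dir = _norm(SYSTEM_DIR)
    exe_dirs = {ntpath.dirname(p) for p in present if p.endswith(".exe")}
    findings = []
    for path in sorted(present):
        directory, name = ntpath.split(path)
        if not name.endswith(".dll") or directory == system_dir:
            continue
        if directory not in exe_dirs or name in known_dlls:
            continue
        twin = ntpath.join(system_dir, name)
        if twin in present:
            loaders = sorted(p for p in present
                             if p.endswith(".exe") and ntpath.dirname(p) == directory)
            findings.append({"planted": path, "shadows": twin, "loaded_by": loaders})
    return findings


if __name__ == "__main__":
    for finding in find_shadowing_dlls(FILES):
        print(finding)
```

A hit is a lead for triage rather than a verdict: compare the flagged file's signature and hash against the System32 copy before acting on it.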


#36 AplusWebMaster

Posted 13 February 2013 - 07:25 AM

FYI...

- http://www.spywarein...vulns/?p=777126
Feb 20, 2013
___

Adobe 0-day Reader/Acrobat exploit in-the-wild
- https://blogs.adobe....ity-report.html
Feb 12, 2013 - "Adobe is aware of a report of a vulnerability in Adobe Reader and Acrobat XI (11.0.1) and earlier versions being exploited in the wild. We are currently investigating this report and assessing the risk to our customers. We will provide an update as soon as we have more information. Please continue monitoring the Adobe PSIRT blog* for the latest information."
* http://blogs.adobe.com/psirt/

 

- https://secunia.com/advisories/52196/
Release Date: 2013-02-14
Criticality level: Extremely critical
Impact: System access
Where: From remote
Solution: No official solution is currently available.
... Reported as a 0-day.
Original Advisory:
- https://www.adobe.co.../apsa13-02.html
Last updated: Feb 16, 2013
CVE number: CVE-2013-0640, CVE-2013-0641
"... Mitigations: Users of Adobe Reader XI and Acrobat XI for Windows can protect themselves from this exploit by enabling Protected View. To enable this setting, choose the "Files from potentially unsafe locations" option under the Edit > Preferences > Security (Enhanced) menu. Enterprise administrators can protect Windows users across their organization by enabling Protected View in the registry and propagating that setting via GPO or any other method. Further information about enabling Protected View for the enterprise is available here:
> https://www.adobe.co...tectedview.html
... Adobe is in the process of working on fixes for these issues and plans to make available updates for Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier 9.x versions for Windows and Macintosh, and Adobe Reader 9.5.3 and earlier 9.x versions for Linux during the week of February 18, 2013..."

- http://arstechnica.c...-on-by-default/
Feb 14, 2013 - "... the "protected view" feature prevents the current attacks from working — but only if it's manually enabled. To turn it on, access Preferences > Security (Enhanced) and then check the "Files from potentially unsafe locations," or even the "All files" option. Then click OK.
There's also a way for administrators to enable protected view on Windows machines across their organization... It's unclear why protected view isn't turned on by default..."

>> http://www.f-secure....otectedView.png

- http://blog.fireeye....s-pdf-time.html
Feb 13, 2013 - "... we identified that a PDF zero-day is being exploited in the wild, and we observed successful exploitation on the latest Adobe PDF Reader 9.5.3, 10.1.5, and 11.0.1. Upon successful exploitation, it will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain... we have been working with Adobe and have jointly agreed to refrain from posting the technical details of the zero-day at this time. This post was intended to serve as a warning to the general public..."

- http://www.f-secure....s/00002500.html
Feb 13, 2013 - "... Consider mitigating your Adobe Reader usage until there's an update from Adobe..."


- http://blog.trendmic...s-adobe-reader/
Feb 13, 2013 - "... Java, Internet Explorer, Adobe Flash Player, and now, Adobe Reader – just two months into 2013, we have already witnessed high-profile cases in which attackers used zero-day exploits to execute their schemes... To prevent this attack, we highly discourage users from opening unknown .PDF files or those acquired from unverified sources..."
___

ThreatCon is currently at Level 2: Elevated.
- https://www.symantec...eatconlearn.jsp
"... On February 7, 2013, Adobe released a patch for Adobe Flash Player. This release addresses CVE-2013-0633 (BID 57788) and CVE-2013-0634 (BID 57787), which are being actively exploited in the wild, distributed through malicious Word documents...
[superseded by APSB13-05: https://www.adobe.co.../apsb13-05.html
... Adobe Flash Player 11.6.602.168... February 12, 2013
CVE number: CVE-2013-1372, CVE-2013-0645, CVE-2013-1373, CVE-2013-1369, CVE-2013-1370, CVE-2013-1366, CVE-2013-0649, CVE-2013-1365, CVE-2013-1374, CVE-2013-1368, CVE-2013-0642, CVE-2013-0644, CVE-2013-0647, CVE-2013-1367, CVE-2013-0639, CVE-2013-0638, CVE-2013-0637

https://web.nvd.nist...3months&cves=on ...]"



Edited by AplusWebMaster, 20 February 2013 - 01:22 PM.



#37 AplusWebMaster


Posted 22 March 2014 - 09:15 AM

FYI...

Flash exploit in-the-wild ...
- http://www.threattra...-cve-2014-0502/
Mar 21, 2014 - "... new exploit in the wild going after a known Adobe vulnerability... detected the file cc.swf delivered via the malicious link hxxp ://java-sky .com/swf/cc.swf**... Only 7/51 antivirus vendors on VirusTotal* detect the malicious payload at the time of this post..."

* https://www.virustot...9d87f/analysis/

** 50.62.99.1 - https://www.virustot....1/information/

- http://google.com/sa...c?site=AS:26496

- https://web.nvd.nist...d=CVE-2014-0502 - 10.0 (HIGH)

Latest Flash version 12.0.0.77
- http://www.spywarein...vulns/?p=787074

Flash test site:
- http://www.adobe.com...re/flash/about/
 



Edited by AplusWebMaster, 22 March 2014 - 04:03 PM.



#38 AplusWebMaster


Posted 30 May 2014 - 07:07 AM

FYI...

Exploit for Flash vuln targets users in Japan for financial info
- http://www.symantec....ial-information
Updated: 30 May 2014 - "... research now indicates that the attacks are being performed on a massive scale and that majority of them are focused on Japan. Back in April, CVE-2014-0515 was originally being exploited in watering-hole attacks against specific organizations or industries. Later in the same month, Adobe released a patch* for the vulnerability. However, just a few weeks later Symantec telemetry indicated that instead of the initial targets, the exploit was now being used to target a wider range of Internet users.
> http://www.symantec..../Figure1_12.png
... more than 90 percent of the attacks exploiting the vulnerability are targeting Japanese users. The attacks are typically carried out through drive-by-download and leverage compromised legitimate websites to host malicious code. The websites then redirect traffic to a malicious site prepared by the attacker... Once the browsers are redirected to the malicious site, which has the IP address 1.234.35.42**, they render the exploit code that attempts to exploit CVE-2014-0515. If an older version of the software is installed on the computer, the attack will execute a series of malicious files to compromise the computer...
Cumulative number of attacks on Japanese users:
> http://www.symantec....1/Figure3_6.png
Infostealer.Bankeiya.B monitors the Web browsers Google Chrome, Mozilla Firefox and Microsoft Internet Explorer. The Trojan gathers specific user data typically found in online banking transactions. The malware can also update itself, enabling it to target more banks and add more capabilities in order to perform additional malicious actions..."
* https://helpx.adobe..../apsb14-13.html

* https://web.nvd.nist...d=CVE-2014-0515 - 10.0 (HIGH)
"... as exploited in the wild in April 2014..."

 

> Most recent version:
- https://helpx.adobe..../apsb14-16.html
June 10, 2014 - "... Flash Player 14.0.0.125..."
Available here: https://www.adobe.co...tribution3.html

>> https://www.adobe.co...re/flash/about/

** 1.234.35.42: https://www.virustot...42/information/
Last: 2014-06-25

- http://www.reuters.c...N0EB02M20140531
May 30, 2014 10:02pm EDT

- http://blog.trendmic...its-japan-hard/
June 2, 2014
 



Edited by AplusWebMaster, 26 June 2014 - 07:59 AM.
