Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    September 2015
    S M T W T F S
    « Aug    
  • Email Subscription

  • About Us

    Author Archive - Yuki Chen (Threat Solution Engineer)

    This blog discusses our analysis of the recent Adobe Flash zero-day vulnerability. Trend Micro received a sample Shockwave Flash (.SWF) file that exploited this 0-day vulnerability. Since the original blog post was posted, we have been analyzing this sample to determine how the exploit works.

    Static Analysis

    Let’s call the sample .SWF file exploit.swf. Quick analysis reveals that it contains ActionScript 3.0 tags. (ActionScript is a scripting language developed by Adobe, which is used in .SWF files.) This exploit will use ActionScript commands to spray shellcode into memory and load another .SWF file using the LoadBytes function of ActionScript 3.0.

    Read the rest of this entry »



    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice