    Archive for February 8th, 2013




    Adobe released an out-of-band update for two critical zero-day vulnerabilities just a few days ahead of its regular monthly patch cycle. The buffer overflow vulnerability (CVE-2013-0633) in Flash Player can lead to remote code execution or a denial-of-service condition when exploited. This vulnerability, which has been exploited in the wild, targets Windows systems via the ActiveX version of Flash Player. These attacks have been designed to deceive users by embedding a malicious Flash (.SWF) file in Microsoft Word documents.

    Another vulnerability being exploited in the wild is the remote memory-corruption vulnerability covered in CVE-2013-0634. Once successfully exploited, it can lead to remote code execution or an application crash. According to the Adobe advisory, these vulnerabilities are currently being exploited in the wild by sending crafted .SWF files as email attachments or by tricking the user into clicking a URL. Trend Micro detects these exploits as TROJ_MDROP.REF. When executed, this malware drops a backdoor detected as BKDR_PLUGAX.A. This backdoor, in turn, has the capability to gather information such as the computer name, hostname, and OS version, among others. It can also download and load plugins and exchange information with a malicious website, thus compromising the security of the system. Here is the list of affected product versions:

    • Adobe Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh
    • Adobe Flash Player 11.2.202.261 and earlier versions for Linux
    • Adobe Flash Player 11.1.115.36 and earlier versions for Android 4.x
    • Adobe Flash Player 11.1.111.31 and earlier versions for Android 3.x and 2.x
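
    As an added example (not part of the TrendLabs post), the following Python script turns the affected-version list above into an inventory check: it compares installed Flash Player versions numerically against the "and earlier" thresholds for each platform, which avoids the string-comparison trap where "11.5.502.9" sorts after "11.5.502.146". The platform keys, the Android bucket mapping, the `hosts_needing_update` helper and the sample inventory are constructed for illustration and are not from the post or from Adobe.

```python
"""Check installed Flash Player versions against the affected ranges in the post.

Added example, not from the TrendLabs post. The thresholds are the
"and earlier" versions the post lists; the platform keys and the sample
inventory below are constructed for illustration.
"""
from typing import Dict, List, Tuple

# Highest affected version per platform, as listed in the post.
# Any version <= the threshold is inside the vulnerable range.
AFFECTED_MAX: Dict[str, str] = {
    "windows": "11.5.502.146",
    "macintosh": "11.5.502.146",
    "linux": "11.2.202.261",
    "android-4": "11.1.115.36",    # Android 4.x
    "android-2-3": "11.1.111.31",  # Android 3.x and 2.x
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '11.5.502.146' into (11, 5, 502, 146) for numeric comparison.

    Comparing as text is wrong: '11.5.502.9' > '11.5.502.146' as strings,
    which would mark an old, vulnerable build as safe.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def android_platform_key(os_version: str) -> str:
    """Map an Android OS version such as '4.1.2' or '2.3.6' to the post's two buckets."""
    major = parse_version(os_version)[0]
    if major == 4:
        return "android-4"
    if major in (2, 3):
        return "android-2-3"
    raise ValueError(f"no affected-version entry listed for Android {os_version}")


def is_affected(platform: str, flash_version: str) -> bool:
    """True if flash_version is at or below the listed threshold for platform."""
    try:
        threshold = AFFECTED_MAX[platform.lower()]
    except KeyError:
        raise ValueError(f"unknown platform {platform!r}") from None
    return parse_version(flash_version) <= parse_version(threshold)


def hosts_needing_update(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Return the hosts whose Flash Player version is in the affected range.

    Each inventory row is (hostname, platform_key, flash_version).
    """
    return [host for host, platform, ver in inventory if is_affected(platform, ver)]


# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE_INVENTORY = [
    ("ws-01", "windows", "11.5.502.146"),  # exactly the threshold: affected
    ("ws-02", "windows", "11.5.502.9"),    # older build: affected despite '9' > '1' as text
    ("ws-03", "windows", "11.5.502.149"),  # above the threshold: not in the listed range
    ("srv-01", "linux", "11.2.202.261"),   # affected
    ("srv-02", "linux", "11.2.202.262"),   # not in the listed range
    ("tab-01", android_platform_key("4.1.2"), "11.1.115.36"),  # affected
    ("ph-01", android_platform_key("2.3.6"), "11.1.111.32"),   # not in the listed range
]

if __name__ == "__main__":
    for host in hosts_needing_update(SAMPLE_INVENTORY):
        print(f"{host}: Flash Player version in affected range, update required")
```

    Feed it the platform key and the version string your inventory tool reports for each host; a version above the listed threshold is reported as outside the affected range listed here, not as patched, since the post names only the affected versions.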

    Just last month, we reported on the Java zero-day exploit employed by the toolkits Cool Exploit Kit (CEK) and Blackhole Exploit Kit (BHEK). An update for Java was released to address this zero-day exploit. Ironically, cybercriminals were quick to abuse this opportunity by creating malware that poses as a Java update.

    Posted in Exploits, Vulnerabilities


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice