    Archive for February 23rd, 2014

    Attackers continuously leverage vulnerabilities in popular software like Microsoft Windows and Adobe products. Just recently, Adobe released an out-of-band update addressing three critical vulnerabilities in Flash Player. This update, APSB14-07, resolves the following issues in Flash Player:

    • Stack-based buffer overflow vulnerability (CVE-2014-0498) allows attackers to execute arbitrary code via unspecified vectors.
    • Out-of-bound read vulnerability (CVE-2014-0499) does not prevent access to address information, which in turn makes it easier for attackers to evade existing mitigation technology like Address Space Layout Randomization (ASLR). Successful exploitation results in information disclosure.
    • Double free vulnerability (CVE-2014-0502) can be exploited to cause memory corruption, which allows remote attackers to execute arbitrary code. Adobe confirms that this is a zero-day actively exploited in the wild. Several websites were reported to be affected, redirecting visitors to a malicious server hosting a malicious Flash file. Based on our investigation, users who visit the compromised websites unknowingly download a malicious .SWF file detected by Trend Micro as SWF_EXPLOYT.LPE. This SWF exploit then downloads a PlugX variant detected as BKDR_PLUGX.NSC. PlugX is a remote access tool known for its stealth mechanisms.

    These are the affected platforms, with the version that contains the fix:

    Product             Updated version   Platform                               Priority rating
    Adobe Flash Player  12.0.0.70         Windows                                1
    Adobe Flash Player  12.0.0.70         Internet Explorer 10 for Windows 8.0   1
    Adobe Flash Player  12.0.0.70         Internet Explorer 11 for Windows 8.1   1
    Adobe Flash Player  12.0.0.70         Chrome for Windows and Linux           1
    Adobe Flash Player  11.7.700.269      Windows                                1
    Adobe Flash Player  11.2.202.341      Linux                                  3
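As an added example (not part of the original post or Trend Micro's tooling), the following script checks an inventory of Flash Player installs against the fixed versions in the table above, comparing version components numerically so that a build like 12.0.0.7 is not mistaken for a patched 12.0.0.70; the hostnames and versions in the sample inventory are constructed.

```python
"""Audit Flash Player installs against the APSB14-07 fixed versions.
Added example; the FIXED table is taken from the bulletin table above,
the inventory records are constructed."""
from typing import List, Optional, Tuple

# Fixed version per release branch and platform, from the APSB14-07 table.
# An install on a branch is patched once it is >= that branch's fixed version.
FIXED = {
    (12, 0): {"windows": "12.0.0.70", "linux": "12.0.0.70"},  # 12.x: Windows, IE10/11, Chrome
    (11, 7): {"windows": "11.7.700.269"},                     # 11.7 branch on Windows
    (11, 2): {"linux": "11.2.202.341"},                       # 11.2 branch on Linux
}

def parse_version(v: str) -> Tuple[int, ...]:
    """'12.0.0.7' -> (12, 0, 0, 7). Integer tuples compare numerically;
    a plain string compare would rank '12.0.0.7' above '12.0.0.70'."""
    return tuple(int(p) for p in v.strip().split("."))

def fixed_version_for(version: str, platform: str) -> Optional[str]:
    """Fixed version that applies to this install, or None if the bulletin
    table does not list this branch/platform combination."""
    branch = parse_version(version)[:2]
    return FIXED.get(branch, {}).get(platform.lower())

def is_vulnerable(version: str, platform: str) -> Optional[bool]:
    """True if below the fixed version on its branch, False if patched,
    None if the branch/platform is not covered by the table."""
    fixed = fixed_version_for(version, platform)
    if fixed is None:
        return None
    return parse_version(version) < parse_version(fixed)

def audit(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return every (host, version, platform) record that is below its fixed version."""
    return [(h, v, p) for h, v, p in inventory if is_vulnerable(v, p)]

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("ws-01", "12.0.0.43", "Windows"),      # below 12.0.0.70 -> vulnerable
    ("ws-02", "12.0.0.70", "Windows"),      # patched
    ("ws-03", "11.7.700.260", "Windows"),   # below 11.7.700.269 -> vulnerable
    ("srv-01", "11.2.202.335", "Linux"),    # below 11.2.202.341 -> vulnerable
    ("srv-02", "11.2.202.341", "Linux"),    # patched
    ("ws-04", "12.0.0.7", "Windows"),       # vulnerable; a string compare would pass it
]

if __name__ == "__main__":
    for host, ver, plat in audit(SAMPLE_INVENTORY):
        print(f"{host}: Flash {ver} on {plat} is below the APSB14-07 fixed version")
```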

    Trend Micro Deep Security has released the following new deep packet inspection (DPI) rules to protect against exploits leveraging these vulnerabilities:

    • 1005918 – Adobe Flash Player Stack-based Buffer Overflow Vulnerability (CVE-2014-0498)
    • 1005919 – Adobe Flash Player Out Of Bound Read Vulnerability (CVE-2014-0499)
    • 1005922 – Adobe Flash Player Remote Code Execution Vulnerability (CVE-2014-0502)

    Aside from Deep Security solutions, our browser exploit prevention technology in Titanium 7 also protects against exploits targeting CVE-2014-0498 and CVE-2014-0502. For CVE-2014-0499, we recommend updating to the latest version.

    Trend Micro blocks all related threats and URLs associated with this attack. We advise users to keep their installed software updated to the latest version.

    With additional analysis from Kai Yu.
