TrendLabs Malware Blog - Trend Micro

    Attackers continuously leverage vulnerabilities in popular software such as Microsoft Windows and Adobe products. Adobe recently released an out-of-band update, APSB14-07, addressing three critical vulnerabilities in Flash Player:

    • Stack-based buffer overflow vulnerability (CVE-2014-0498) allows attackers to execute arbitrary code via unspecified vectors.
    • Out-of-bounds read vulnerability (CVE-2014-0499) leaks memory address information, which makes it easier for attackers to bypass mitigations such as Address Space Layout Randomization (ASLR). Successful exploitation results in information disclosure.
    • Double free vulnerability (CVE-2014-0502) can be exploited to corrupt memory and, if successful, lets a remote attacker execute arbitrary code. Adobe confirms that this is a zero-day being actively exploited in the wild.

    Several websites were reported compromised to redirect visitors to a malicious server hosting a malicious Flash file. Based on our investigation, users who visit the compromised websites unknowingly download a malicious .SWF file, detected by Trend Micro as SWF_EXPLOYT.LPE. This SWF exploit then downloads a PlugX variant detected as BKDR_PLUGX.NSC. PlugX is a remote access tool known for its stealth mechanisms.

    Adobe's advisory lists the following updated (fixed) versions; any earlier release on the same platform is affected:

    Product             Updated version   Platform                              Priority rating
    Adobe Flash Player  12.0.0.70         Windows                               1
    Adobe Flash Player  12.0.0.70         Internet Explorer 10 for Windows 8.0  1
    Adobe Flash Player  12.0.0.70         Internet Explorer 11 for Windows 8.1  1
    Adobe Flash Player  12.0.0.70         Chrome for Windows and Linux          1
    Adobe Flash Player  11.7.700.269      Windows                               1
    Adobe Flash Player  11.2.202.341      Linux                                 3

    Adobe's priority rating 1 means the vulnerability is being exploited, or is at high risk of being exploited, and the update should be installed as soon as possible (Adobe suggests within 72 hours); rating 3 means the update can be installed at the administrator's discretion.
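
    As an added example (not part of the original post or of Adobe's advisory), the following Python script turns the table above into a check that can be run against an inventory of installed Flash Player versions. It maps each version string to its release branch by the first two components, compares the full four-part build number against the fixed build for that branch, and ranks findings by Adobe's priority rating. The hostnames and version strings in the sample inventory are constructed for the demonstration; the decision to report versions on branches the bulletin does not cover as "unlisted" rather than guess is this example's own choice.

```python
"""Check installed Flash Player build numbers against the APSB14-07 fixed versions."""

# Fixed builds per release branch, taken from the APSB14-07 table.
# The (major, minor) prefix of a version string identifies its branch.
FIXED_BUILDS = {
    (12, 0): (12, 0, 0, 70),     # Windows desktop, IE10/IE11 embedded, Chrome
    (11, 7): (11, 7, 700, 269),  # 11.7 extended support release, Windows
    (11, 2): (11, 2, 202, 341),  # Linux
}

# Adobe priority rating per branch, also from the table (1 = patch as soon as possible).
PRIORITY = {(12, 0): 1, (11, 7): 1, (11, 2): 3}


def parse_version(text):
    """Turn '12.0.0.44' (or the comma-separated form found in Windows file
    version resources, '12,0,0,44') into a comparable 4-tuple of ints."""
    parts = text.strip().replace(",", ".").split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError("not a Flash Player version string: %r" % text)
    return tuple(int(p) for p in parts)


def check_version(text):
    """Classify one installed version:
    'patched'    - at or above the fixed build for its branch
    'vulnerable' - below the fixed build for its branch
    'unlisted'   - branch not covered by APSB14-07 (e.g. an 11.5 install);
                   the bulletin says nothing about it, so escalate rather than assume."""
    version = parse_version(text)
    fixed = FIXED_BUILDS.get(version[:2])
    if fixed is None:
        return "unlisted"
    return "patched" if version >= fixed else "vulnerable"


def triage_inventory(inventory):
    """Given (hostname, version) pairs, return the hosts that need action as
    (priority, hostname, version, status) tuples, priority-1 branches first."""
    findings = []
    for host, text in inventory:
        try:
            version = parse_version(text)
        except ValueError:
            findings.append((0, host, text, "unparseable"))
            continue
        status = check_version(text)
        if status == "patched":
            continue
        findings.append((PRIORITY.get(version[:2], 0), host, text, status))
    # Priority 1 first, then 3, then entries with no rating (0); stable on hostname.
    findings.sort(key=lambda f: (f[0] == 0, f[0], f[1]))
    return findings


# Constructed sample inventory: hostnames and build numbers are made up for the demo.
SAMPLE_INVENTORY = [
    ("ws-finance-01", "12.0.0.44"),     # pre-patch Windows build
    ("ws-finance-02", "12.0.0.70"),     # patched
    ("kiosk-lobby", "11.7.700.261"),    # pre-patch extended support build
    ("build-linux-3", "11.2.202.336"),  # pre-patch Linux build
    ("build-linux-4", "11.2.202.341"),  # patched
    ("legacy-09", "11.5.502.149"),      # branch not in the bulletin
    ("unknown-host", "n/a"),            # inventory gap
]

if __name__ == "__main__":
    for prio, host, ver, status in triage_inventory(SAMPLE_INVENTORY):
        print("prio %s  %-14s %-14s %s" % (prio or "-", host, ver, status))
```

    Feed it whatever your asset inventory reports for the Flash ActiveX control, the NPAPI plugin or the Chrome-bundled player; the comparison is on the full four-part build, so 12.0.0.70 and later are treated as fixed while 12.0.0.44 is flagged.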

    Trend Micro Deep Security has released the following new deep packet inspection (DPI) rules to protect against exploits leveraging these vulnerabilities:

    • 1005918 – Adobe Flash Player Stack-based Buffer Overflow Vulnerability (CVE-2014-0498)
    • 1005919 – Adobe Flash Player Out Of Bound Read Vulnerability (CVE-2014-0499)
    • 1005922 – Adobe Flash Player Remote Code Execution Vulnerability (CVE-2014-0502)

    Aside from Deep Security, the browser exploit prevention technology in Titanium 7 also protects against exploits targeting CVE-2014-0498 and CVE-2014-0502. For CVE-2014-0499, we recommend updating to the latest version.

    Trend Micro blocks all related threats and URLs associated with this attack. We advise users to keep their installed software updated to the latest version.

    With additional analysis from Kai Yu.

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice