Wednesday, April 13, 2011

Analysis of the CVE-2011-0611 Adobe Flash Player Vulnerability Exploitation

Via Microsoft Malware Protection Center (MMPC) -

About a month ago, we blogged about an Adobe Flash Player vulnerability (CVE-2011-0609) that was actively exploited in the wild. That exploit was hidden inside a Microsoft Excel document. Over the weekend, a new Adobe Flash Player 0-day (CVE-2011-0611) was reported by Adobe in a recent advisory (APSA11-02).

It all started with spam emails enticing users to open its attachment, typically a Microsoft Word document (or a zip file of a Microsoft Word document), which contained the malicious Flash exploit inside.


Inside the .doc file a malformed Adobe Flash file is embedded. Once a user opens the document, Flash Player will load the malicious file and exploitation will occur. Unlike the previous vulnerability, a bug in the ActionScript Virtual Machine version 1 is now used in the exploitation process. Another difference is that this is not a result of fuzzing clean files. We won’t disclose any detail on what triggers the vulnerability, for security reasons, obviously.

No comments:

Post a Comment