An exploit for another zero-day vulnerability in Adobe Flash Player has been found, just a couple of weeks after Adobe patched a similar critical vulnerability that was actively exploited in attacks.
According to the security advisory Adobe released, the vulnerability identified as APSA11-02 is currently being exploited in the wild in the form of an .SWF file embedded in a Microsoft Word document. According to reports, the exploit was also being distributed through email. We are currently trying to find more information on the nature of the email messages through which the exploit arrives.
We were able to analyze a sample of the Microsoft Word document wherein the exploit was embedded. The document bears the file name Disentangling_Industrial_Policy_and_Competition_Policy.doc and is now detected as TROJ_MDROP.WMP. It contains an .SWF file, which is now detected as SWF_EXPLOIT.WMP. SWF_EXPLOIT.WMP, when decrypted, is actually a backdoor program that is, in turn, detected as BKDR_SHARK.WMP.
Software affected by this vulnerability includes:
- Adobe Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux, and Solaris OSs
- Adobe Flash Player 10.2.154.25 and earlier for Chrome users
- Adobe Flash Player 10.2.156.12 and earlier for Android users
- The Authplay.dll component that is shipped with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh OSs
Adobe has yet to release a patch for this vulnerability.
The way this exploit arrives on users’ systems is very similar to the one used for APSA11-01. Both exploits arrive as .SWF files embedded in Microsoft Office documents (the previous one was embedded in Microsoft Excel spreadsheets). Threats of this kind, when used in sophisticated schemes like targeted attacks, can cause a lot of damage. Recall that APSA11-01 was reportedly used in several attacks, including one related to the Japanese earthquake and to the breach that affected RSA.
As this vulnerability remains unpatched, there is a huge possibility that it will be used for malware attacks. Users are strongly advised to practice extreme caution in dealing with email messages (especially those that come with attachments) from unverified sources.
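For attachment triage, the delivery method described above (an .SWF file embedded in an Office document) can be checked for by scanning the document's raw bytes for SWF headers: a 3-byte signature, a version byte and a little-endian length. This is an added example, not code from Trend Micro or Adobe; it assumes the Flash object is stored contiguously and unencoded, and the function names, the version bound and the sample bytes are constructed for illustration.

```python
import struct
import zlib

SWF_MAGICS = (b"FWS", b"CWS")  # uncompressed / zlib-compressed SWF signatures
MAX_VERSION = 50               # assumption: loose sanity bound on the version byte


def _zlib_ok(chunk):
    """True if chunk begins with a valid zlib stream (a CWS body starts at byte 8)."""
    if len(chunk) < 2:
        return False
    try:
        zlib.decompressobj().decompress(chunk)
        return True
    except zlib.error:
        return False


def find_embedded_swf(blob):
    """Return plausible SWF headers found anywhere in a container file's bytes."""
    hits = []
    for magic in SWF_MAGICS:
        off = blob.find(magic)
        while off != -1:
            if off + 8 <= len(blob):
                version = blob[off + 3]
                (declared_len,) = struct.unpack_from("<I", blob, off + 4)
                plausible = 1 <= version <= MAX_VERSION and declared_len > 8
                if magic == b"FWS":   # uncompressed: whole file must fit in the blob
                    plausible = plausible and declared_len <= len(blob) - off
                else:                 # compressed: the body must be a valid zlib stream
                    plausible = plausible and _zlib_ok(blob[off + 8:off + 8 + 4096])
                if plausible:
                    hits.append({"offset": off, "kind": magic.decode(),
                                 "version": version, "declared_len": declared_len})
            off = blob.find(magic, off + 1)
    return sorted(hits, key=lambda h: h["offset"])


def build_constructed_sample():
    """Constructed test input: OLE2 magic, padding, two harmless SWF stubs, one decoy."""
    body = b"\x00" * 13
    size = struct.pack("<I", 8 + len(body))
    fws = b"FWS" + bytes([10]) + size + body
    cws = b"CWS" + bytes([9]) + size + zlib.compress(body)
    ole_magic = bytes.fromhex("d0cf11e0a1b11ae1")
    return ole_magic + b"\x00" * 504 + fws + b"decoy FWSxyz text" + cws + b"\x00" * 64
```

A hit means only that the document carries a Flash object and deserves closer inspection; a clean result does not clear a file whose embedded object is encoded or split across non-adjacent sectors.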
Post from: TrendLabs | Malware Blog – by Trend Micro
Another Adobe Flash Zero-Day Found, Embedded in Word Documents

Posted on 13 April 2011.
The above information is reprinted from and copyrighted © by Trend Micro.