Adobe Flash Player Type Confusion Vulnerability: CVE-2017-11292

A type confusion vulnerability was discovered in Adobe Flash Player version 27.0.0.159 and earlier. This vulnerability can be exploited remotely to achieve arbitrary code execution on the target machine. The type confusion occurs due to improper array index calculation. The vulnerability has been assigned CVE-2017-11292. The table below lists the affected products.

Product | Version | OS
Adobe Flash Player Desktop Runtime | 27.0.0.159 and earlier versions | Windows, Macintosh
Adobe Flash Player for Google Chrome | 27.0.0.159 and earlier versions | Windows, Macintosh, Linux, Chrome OS
Adobe Flash Player for Microsoft Edge and Internet Explorer 11 | 27.0.0.159 and earlier versions | Windows 10, 8.1
Adobe Flash Player Desktop Runtime | 27.0.0.159 and earlier versions | Linux

This issue has been addressed by Adobe in APSB17-32 on version 27.0.0.170. The vulnerability was reported by Anton Ivanov of Kaspersky Labs. The exploit was discovered in the wild, where it was delivered as part of a malicious Microsoft Office document embedded with an ActiveX object. The use of the exploit has been attributed to “BlackOasis” and “APT28”. On successful execution, the target machine is infected with FinSpy malware or hit by the DealersChoice attack, depending on the source of the document.

Vulnerability
As mentioned earlier, a type confusion vulnerability leads to arbitrary code execution. The vulnerability is present in the “com.adobe.tvsdk.mediacore.BufferControlParameters” class. An incorrect bytecode verification procedure allows an untrusted value to be used to calculate the array index. On successful exploitation, the code gains arbitrary read/write capability. This can be leveraged to write and execute shellcode.

Mitigation
We request that organizations install the latest version of Adobe Flash Player and scan their networks with the QIDs listed below to detect vulnerable machines.

QID | Description
100321 | Microsoft Windows Adobe Flash Player Security Update for October 2017
236529 | Red Hat Update for flash-plugin (RHSA-2017:2899)
370604 | Adobe Flash Player Remote Code Execution Vulnerability (APSB17-32)
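
Where a software inventory export is available alongside scan results, the version boundaries above can be checked directly. The following is an added example, not part of the original advisory or any vendor tooling: it classifies reported Flash Player version strings against 27.0.0.159 (last affected) and 27.0.0.170 (fixed). The inventory format, hostnames and sample versions are constructed for illustration.

```python
import re

LAST_AFFECTED = (27, 0, 0, 159)  # "27.0.0.159 and earlier" per the advisory
FIRST_FIXED = (27, 0, 0, 170)    # fixed release per APSB17-32

def parse_version(raw):
    """Return a 4-part version tuple, or None if the string is unusable.

    Accepts dotted ("27.0.0.159") and comma-separated ("WIN 27,0,0,159")
    forms; any leading platform tag is ignored.
    """
    m = re.search(r"(\d+)[.,](\d+)[.,](\d+)[.,](\d+)", raw)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(raw):
    """Classify one reported version string against the advisory's bounds."""
    v = parse_version(raw)
    if v is None:
        return "unparsed"
    # Tuples compare numerically, so 27.0.0.9 sorts below 27.0.0.159
    # (a plain string comparison would get this wrong).
    if v <= LAST_AFFECTED:
        return "vulnerable"
    if v >= FIRST_FIXED:
        return "patched"
    return "review"  # build between the two versions the advisory names

# Constructed inventory: host, reported Flash Player version string.
SAMPLE_INVENTORY = """\
ws-001,27.0.0.159
ws-002,27.0.0.170
ws-003,WIN 26,0,0,151
ws-004,27.0.0.9
ws-005,not installed
ws-006,28.0.0.126
"""

def triage(inventory_text):
    """Map each host in the inventory to its classification."""
    result = {}
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, _, version = line.partition(",")
        result[host.strip()] = classify(version)
    return result

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unparsed" or "review" need a manual look rather than being assumed safe.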

Please continue to follow ThreatProtect for information on vulnerabilities.

