CISA releases deadline for patching Google Chrome and Adobe Magneto zero-day vulnerabilities (CVE-2022-24086 & CVE-2022-0609)

The US Cybersecurity and Infrastructure Security Agency (CISA) has added nine new vulnerabilities to its list of regularly exploited vulnerabilities. This list includes two zero-days that affect Google Chrome and Adobe Commerce/Magento Open Source.    CISA stated that until March 1st, 2022, all Federal Civilian Executive Branch Agencies (FCEB) must install patches for these two … Continue reading “CISA releases deadline for patching Google Chrome and Adobe Magneto zero-day vulnerabilities (CVE-2022-24086 & CVE-2022-0609)”

Microsoft Windows Adobe Type Manager Library Remote Code Execution zero-day Vulnerability (ADV200006)

Summary: Amidst the global pandemic, there has been an emerge of a zero-day reported in Microsoft Windows. On March 23, Microsoft acknowledged the existence of a critical security vulnerability in multiple versions of Windows and Windows Server, in Adobe Type Manager (ATM) Library, an integrated PostScript font library found in all versions of Windows. Description: … Continue reading “Microsoft Windows Adobe Type Manager Library Remote Code Execution zero-day Vulnerability (ADV200006)”

Adobe Media Encoder Out-of-Bounds Write Vulnerability (CVE-2020-3764)

Summary: In third week of February,2020, after MSPT, an out-of-bounds (OOB) write vulnerability was observed in Adobe Media Encoder that leads to arbitrary code execution. This vulnerability was observed only for Microsoft Windows platform. Description: Adobe Media Encoder, is a software for encoding and compressing audio or video files. When the untrusted input is processed, … Continue reading “Adobe Media Encoder Out-of-Bounds Write Vulnerability (CVE-2020-3764)”

Adobe Acrobat Reader OCG Heap-based Buffer Overflow : CVE-2018-4910

A heap overflow vulnerability was discovered in Adobe Acrobat Pro DC. The issue occurs due to improper handling of OCG content. Upon successful exploitation an attacker can corrupt memory,control-flow hijack. CVE-2018-4910 has been assigned to track this vulnerability.The issue affects Adobe Acrobat Pro DC 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions Vulnerability … Continue reading “Adobe Acrobat Reader OCG Heap-based Buffer Overflow : CVE-2018-4910”

Sundown Exploit Kit and The EITEST Campaign

Abstract: After the vanishing of Angler and Neutrino Exploit kits (EK), the underground cyber world of EK was left with only one major player with Rig EK. Pseudo-Darkleech and EITEST, the two most popular website compromise campaigns, both redirected their victims to Rig EK. However, a few days back, our systems recently detected a major … Continue reading “Sundown Exploit Kit and The EITEST Campaign”

Adobe Flash Player CVE-2016-4171 Zero Day and Active Attacks

Adobe Flash Player 21.0.0.242 are earlier versions for Windows, Macintosh, Linux, and Chrome OS are currently being exploited and there is no patch. Therefore we have marked them as ‘Zero Day’ as well as ‘Active Attacks’ in ThreatPROTECT.  The exploit uses CVE-2016-4171 in targeted attacks. Adobe is expected to address this vulnerability on June 16. We have … Continue reading “Adobe Flash Player CVE-2016-4171 Zero Day and Active Attacks”

Adobe Flash new 0-day – Update

Update: three ExploitKits have so far integrated this new vulnerability. Our RTI for QId: 120098 in ThreatPROTECT is nowExploitKit and ActiveAttacks. Original: According to Adobe a new 0-day vulnerability in its Flash player is under attack in the wild. The vulnerability in tagged as CVE-2016-4117 and affects Flash player version equal or less than V21.0.0.226. Adobe expects … Continue reading “Adobe Flash new 0-day – Update”

Adobe Flash partial 0-day patched in OOB release

Adobe addressed a partial 0-day vulnerability its Flash player with a software release on April 7, 2016. The new version of Flash fixes 24 vulnerabilities, with CVE-2016-1019 under active attack through the Magnitude Exploit Kit. The vulnerability is a partial 0-day because in the newest version of Flash a mitigation strategy introduced by Adobe prevents … Continue reading “Adobe Flash partial 0-day patched in OOB release”

Adobe patches 0-day in Flash with out-of-band update

On March 10 Adobe released an out-of-band update for their Flash Player that addresses a vulnerability (CVE-2016-1010) actively exploited in targeted attacks. APSB16-08 addresses also another 22 vulnerabilities. A successful exploit of this vulnerability gives the attacker Remote Code Execution on the target machine. Attack vector includes malicious websites set up for the purpose of … Continue reading “Adobe patches 0-day in Flash with out-of-band update”

Angler ExploitKit integrates Flash APSB16-01

On January 22 the Angler ExploitKit integrated the recent vulnerability CVE-2015-8651 into its arsenal. With that the exploit becomes widely available. We have updated the corresponding RTI to “ExploitKit”. Patching Adobe Flash player by applying APSB16-01 now becomes crucial as attacks against the vulnerability are now bound to be common. https://vimeo.com/162606661/