
CVE-2012-1535: Adobe Flash player being exploited in the wild


A Word document, 'iPhone 5 Battery.doc', containing a malicious embedded Flash file exploits the recently patched Adobe Flash Player vulnerability (CVE-2012-1535), AlienVault researchers warn.

About CVE-2012-1535: Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content.

Once the victim opens the malicious document, it exploits the vulnerability and executes the shellcode. Once the payload is executed, it drops a malicious DLL file. While executing the malicious code, the malware displays a genuine article about leaked iPhone 5 battery images.

This backdoor is known as c0d0so0 and also as Backdoor.Briba, and it has been seen in other targeted attacks exploiting CVE-2012-0779, among others, during the past few months.

The backdoor contacts the remote server publicnews.mooo.com using an HTTP POST request and attempts to download an executable file encapsulated in a ZIP and disguised as a GIF.

"The use of Dynamic DNS providers like DynDNS.org, 3322.net.. is very common in this kind of threats. You should be monitoring the requests to dynamic dns providers in your network," the researcher says.

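A sketch of the monitoring recommended above, as an added example that is not from the article or from AlienVault: it scans a constructed proxy log for requests to the dynamic DNS domains the article names and for responses labelled as GIF that begin with ZIP magic bytes. The six-field log format, the client addresses and the URL paths are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Suffixes taken from the article: the two providers named in the quote and
# the parent domain of the contacted host. Extend with your own provider list.
DYNDNS_SUFFIXES = ("dyndns.org", "3322.net", "mooo.com")
ZIP_MAGIC = b"PK\x03\x04"  # local file header that starts a ZIP archive

# Constructed sample log (assumed format, paths and addresses are made up):
# time client method url content_type first_body_bytes_hex
SAMPLE_LOG = """\
2012-08-17T09:14:02Z 10.0.0.21 GET http://www.example.com/logo.gif image/gif 474946383961
2012-08-17T09:15:40Z 10.0.0.37 POST http://publicnews.mooo.com/index.php text/html 3c68746d6c3e
2012-08-17T09:15:44Z 10.0.0.37 GET http://publicnews.mooo.com/update.gif image/gif 504b030414000000
2012-08-17T09:16:10Z 10.0.0.52 GET http://notmooo.com/a.gif image/gif 474946383761
"""

def is_dyndns(host):
    """True if host equals, or is a subdomain of, a listed dynamic DNS suffix."""
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in DYNDNS_SUFFIXES)

def disguised_zip(content_type, head):
    """True if a response labelled as a GIF actually starts with ZIP magic."""
    return content_type.lower().startswith("image/gif") and head.startswith(ZIP_MAGIC)

def scan(log_text):
    """Return (client, host, reasons) for every log line worth triaging."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed lines instead of failing the whole scan
        _, client, method, url, ctype, head_hex = parts
        host = urlsplit(url).hostname or ""
        try:
            head = bytes.fromhex(head_hex)
        except ValueError:
            head = b""  # unparseable body sample: still check the host
        reasons = []
        if is_dyndns(host):
            reasons.append("dyndns-post" if method == "POST" else "dyndns")
        if disguised_zip(ctype, head):
            reasons.append("zip-as-gif")
        if reasons:
            findings.append((client, host, reasons))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Matching on the full label boundary keeps look-alike names such as notmooo.com out of the results, and the magic-byte check catches the disguised download even when the destination is not on the suffix list.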