Integer underflow in Adobe Flash Player prior to 11.7.700.261 and 11.8.x up to and including 12.0.x prior to 12.0.0.44 on Windows and Mac OS X, and prior to 11.2.202.336 on Linux, allows remote malicious users to execute arbitrary code via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
adobe flash_player |
Perhaps one of the most explosively discussed subjects of 2015 was the compromise and data dump of Hacking Team, the infamous Italian spyware company. For those who are not familiar with the subject, Hacking Team was founded in 2003 and specialized in selling spyware and surveillance tools to governments and law enforcement agencies. On July 5, 2015, a large amount of data from the company was leaked to the Internet with a hacker known as “Phineas Fisher” claiming responsibility for the brea...
Darkhotel APT attacks dated 2014 and earlier are characterized by the misuse of stolen certificates, the deployment of .hta files with multiple techniques, and the use of unusual methods like the infiltration of hotel Wi-Fi to place backdoors in targets’ systems. In 2015, many of these techniques and activities remain in use. However, in addition to new variants of malicious .hta, we find new victims, .rar attachments with RTLO spearphishing, and the deployment of a 0day from Hacking Team. The...
There is no honour among thieves
A black hat trouble maker appears to have released recent source code for one of the most popular exploit kits, malware-probers say. The dump was posted online by a user known as (@EkMustDie) before it was removed. The leaker appears to have previously tried to sell access to the exploit kit. Independent malware investigators including UK hacker known as MalwareTech (@MalwareTechBlog) and French bod Kaffeine (@kafeine) discovered the source code being slung on HackForums by the apparent former r...
66,000 users popped by malicious Flash fudging add-on
Web admins beware: social media buttons that load scripts from unknown external sites could see your sites foisting the FlashPack exploit kit to visitors. Several sources warn that popular JavaScript social media panels are being modified to load external resources that pulled down FlashPack, formerly known as SafePack, which has so far compromised at least 66,000 users. It was loaded onto visitor computers who failed to apply a February Adobe Flash patch (CVE-2014-0497), which would capture a d...