9.3
CVSSv2

CVE-2015-7645

Published: 15/10/2015 Updated: 01/07/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 936
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Adobe Flash Player 18.x up to and including 18.0.0.252 and 19.x up to and including 19.0.0.207 on Windows and OS X and 11.x up to and including 11.2.202.535 on Linux allows remote malicious users to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

adobe flash_player

Vendor Advisories

Adobe Flash Player 18x through 1800252 and 19x through 1900207 on Windows and OS X and 11x through 112202535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015 ...

Exploits

Source: codegooglecom/p/google-security-research/issues/detail?id=547 If IExternalizablewriteExternal is overridden with a value that is not a function, Flash assumes it is a function even though it is not one This leads to execution of a 'method' outside of the ActionScript object's ActionScript vtable, leading to memory corruption ...

Github Repositories

Panopticon Project Fancy Bear Attack Pattern A type of Tactics, Techniques, and Procedures (TTP) that describes ways threat actors attempt to compromise targets Campaign A grouping of adversarial behaviors that describes a set of malicious activities or attacks that occur over a period of time against a specific set of targets Course of Action An action taken to either preve

CVE-Study CVE id CVSS Type CVE-2017-12762 100 BOF CVE-2017-0561 100 - CVE-2017-11176 100 UAF CVE-2017-8890 100 CVE-2017-7895 100 CVE-2017-3106 93 CVE-2017-3064 93 CVE-2017-0430 93 CVE-2017-0429 93 CVE-2017-0428 93 CVE-2017-0427 93 CVE-2017-0528 93 CVE-2017-0510 93 CVE-2017-0508 93 CVE-2017-0507 93 CVE-2017-0455 93

Recent Articles

Neptune Exploit Kit Dropping Cryptocurrency Miners Through Malvertisements
Threatpost • Chris Brook • 22 Aug 2017

Despite a marked decrease in activity, exploit kits haven’t completely disappeared just yet. The Neptune, or Terror Exploit Kit, is alive and well; during the last month, researchers have observed the kit as part of a campaign to abuse a legitimate popup ad service to drop cryptocurrency miners.
Researchers with FireEye said Tuesday the kit has been redirecting victims with popups from fake hiking ads to exploit kit landing pages and in turn to HTML and Adobe Flash exploits. Researchers ...

Hiking Club Malvertisements Drop Monero Miners Via Neptune Exploit Kit
Fireeye Threat Research • by Zain Gardezi , Manish Sardiwal • 22 Aug 2017

Exploit kit (EK) activity has been on the decline ever since Angler Exploit Kit was shut down in 2016. Fewer people using Internet Explorer and a drop in browser support for Adobe Flash – two primary targets of many exploit kits – have also contributed to this decline. Additionally, some popular redirect campaigns using PseudoDarkleech and EITest Gate to Rig Exploit Kit were shut down in first half of this year.
Despite all this, malvertising campaigns involving exploits kits remain ac...

Hiking Club Malvertisements Drop Monero Miners Via Neptune Exploit Kit
Fireeye Threat Research • by Zain Gardezi , Manish Sardiwal • 22 Aug 2017

Exploit kit (EK) activity has been on the decline ever since Angler Exploit Kit was shut down in 2016. Fewer people using Internet Explorer and a drop in browser support for Adobe Flash – two primary targets of many exploit kits – have also contributed to this decline. Additionally, some popular redirect campaigns using PseudoDarkleech and EITest Gate to Rig Exploit Kit were shut down in first half of this year.
Despite all this, malvertising campaigns involving exploits kits remain ac...

Need Xmas ideas? Try CVE-2015-7645, a Flash gift that keeps on giving
The Register • Darren Pauli • 08 Dec 2016

Who the hell needs zero days?

A Flash vulnerability subject to emergency patching by Adobe has been used in all major exploit kits to compromise users not already updated.
The vulnerability (CVE-2015-7645) patched in October last year was the first zero day since Adobe implemented more hardened security.
It was also the most pervasive among the vulnerabilities adopted by exploit kits, according to the Recorded Future study of an eye-watering 141 kits.
The once huge now dead Angler and Neutrino exploit kits ...

Flash Exploit Found in Seven Exploit Kits
Threatpost • Michael Mimoso • 06 Dec 2016

A nasty Adobe Flash zero-day vulnerability that was remediated in an emergency update in October 2015 was thereafter co-opted by seven exploit kits, according to an analysis published today by researchers at Recorded Future.
The Adobe vulnerability, CVE-2015-7645, was also used by the Russian APT group known as APT 28, which laced spear phishing emails with exploits targeting foreign affairs ministries worldwide. APT 28, also known as Sofacy, frequently targets NATO-allied political target...

Game of P0wns: Malvertising menace strikes Pirate Bay season six downloads
The Register • Darren Pauli • 27 Apr 2016

There is no honour among content thieves

Scores of Game of Thrones pirates may have had computers encrypted by ransomware after malvertisers served the dangerous malware through the Pirate Bay during the mega-series' season six première last weekend.
MalwareBytes researcher Jerome Segura says the hard-working Magnitude exploit kit authors were able to target pirates after they bought advertising space on the infamous Bittorrent website targeting users with pop-under ads.
Magnitude is a hugely successful crimeware offering ...

Angler exploit kit now hooking execs with Xmas Flash hole
The Register • Darren Pauli • 28 Jan 2016

Rivals stuck with old Adobe exploits

The Angler exploit kit is again sailing the cyber seas and pillaging with impunity, adding one of the more recent machine-hijacking Flash holes to its arsenal.
The integration of Adobe Flash vulnerability (CVE-2015-8651) patched last month solidifies Angler's position as the most popular and effective exploit kit on underground criminal markets.
Chinese security researcher known as ThreatBook reports the exploit kit is being used in phishing attacks under the so-called DarkHotel camp...

Exploit kits throw Flash bash party, invite Crypt0l0cker, spam bots
The Register • Darren Pauli • 11 Jan 2016

Evilware rivals race to exploit the flaws stoopid folks don't fix

Criminals behind some of the most potent exploit kits, Neutrino and RIG, are ramping up attacks slinging the latest ransomware and hosing users who have not applied recent Adobe Flash patches.
The patched vulnerabilities permit code execution and allow the dangerous hacking kits to compromise user machines.
The two above-mentioned exploit kits jostle for top spot on the evilware charts, with speedy exploitation of Flash vulnerabilities giving one the edge over the other. Damage infli...

You can’t be invulnerable, but you can be well protected
Securelist • Vyacheslav Zakorzhevsky • 23 Dec 2015

Software vulnerabilities are one of those problems that potentially affect all users. A vulnerability is a fault in a program’s implementation that can be used by attackers to gain unauthorized access to data, inject malicious code or put a system out of operation. In most cases, vulnerabilities arise from a lack of attention to fine details at the design stage rather than programming errors. Sometimes a system can seem virtually invulnerable at the design stage, but then, at some point, a new...

'Legacy' Wordpress blog site of The Independent serving malware
The Register • Richard Chirgwin • 10 Dec 2015

Ransomware targets old Flash versions, says Trend Micro

The Independent has become the latest big-name publisher to serve malware.
Trend Micro is warning that the UK news site's Wordpress-based blog section has been compromised.
The company says the attack seems to have begun on November 21, with a compromised page serving the Angler exploit kit, taking advantage of visitors with old Flash version to hit them with the Cryptesla 2.2.0 ransomware.
“The vulnerability involved in this particular instance is discovered to be CVE-2015-7...

Emergency Adobe Flash Zero Day Patch Arrives Ahead of Schedule
Threatpost • Chris Brook • 16 Oct 2015

Adobe has decided to patch the zero day vulnerability that was disclosed in Flash Player earlier this week today — instead of next week as originally scheduled.
According to a security bulletin Adobe posted this morning the update actually fixes three vulnerabilities in the software, but the most pressing one is the zero day, CVE-2015-7645, the company said is being used in limited, targeted attacks.
The flaw, a type confusion vulnerability, has been tied to attacks carried out ...

Emergency Adobe Flash Update Coming Next Week
Threatpost • Michael Mimoso • 15 Oct 2015

The latest version of Adobe Flash Player, which was made available on Tuesday, will have a short shelf life.
Adobe will release an emergency Flash update next week after public attacks were carried out against a zero day vulnerability in the latest version of the software, 19.0.0.207, for Windows and Macintosh systems.
Adobe said only that the Flash update will be available the week of Oct. 19; no specific date was set.
The attacks have been attributed to a Russian-speaking APT...

Pawn Storm attack: Flash zero-day exploit hits diplomatic inboxes
The Register • John Leyden • 15 Oct 2015

Government staff swallow news hook linked to poisoned bait

Hackers behind a long-running cyber-espionage campaign have begun using a new Adobe Flash zero-day exploit in their latest campaign.
The attackers behind Pawn Storm targeted several foreign affairs ministries from around the globe using a Flash-based attack, Trend Micro reports.
The targets received spear phishing emails that contained links pointing towards sites hosting the exploit. These emails were themed so that they appeared to offer links to news analysis articles and pie...

Kill Flash: Adobe says patch to fix under-attack hole still days away
The Register • Iain Thomson in San Francisco • 15 Oct 2015

Disable the plugin – or enable click-to-play

Just a day after its monthly batch of security updates, Adobe has confirmed it will issue an emergency critical patch for Flash next week.
With somewhat regrettable timing, given Adobe's patching cycle, Trend Micro's security researchers announced on Tuesday that it had discovered in the plugin a vulnerability, CVE-2015-7645, and that it was being used by hackers who were targeting officials in governments in NATO.
On Wednesday, Adobe acknowledged that the programming blunder affects...