Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Adobe Patches Zero Day Vulnerability Used in Targeted Attacks

CVE-2012-0779 Used in Targeted Attacks Aimed At Manufacturers of Products Used by Defense Industry

On Friday, Adobe issued a security bulletin to address a recently discovered critical vulnerability in its Flash Player, that according to reports, is being used in targeted attacks.

CVE-2012-0779 Used in Targeted Attacks Aimed At Manufacturers of Products Used by Defense Industry

On Friday, Adobe issued a security bulletin to address a recently discovered critical vulnerability in its Flash Player, that according to reports, is being used in targeted attacks.

The attacks are leveraging the recently disclosed CVE-2012-0779 “Object Type Confusion Remote Code Execution Vulnerability”, which Symantec says been in the wild for over a week. The exploit targets the Adobe Flash Player on Internet Explorer for Windows platforms only, via custom crafted emails with malicious attachments.

Symantec said that it has seen many of these files circulating in the wild so far, and that the attacks have been aimed at multiple targets across manufacturers of products used by the defense industry, though the security firm warned that other targets are likely to follow in the days ahead.

“The malicious documents contain an embedded reference to a malicious Flash file hosted on a remote server,” Symantec noted in a blog post. “When the Flash file is acquired and opened, it sprays the heap with shellcode and triggers the CVE-2012-0779 exploit. Once the shellcode gains control, it looks for the payload in the original document, decrypts it, drops it to disk, and executes it.”

Symantec, which detects the payload as Trojan.Pasam, explained that when a user opens the malicious attachment, the vulnerability is exploited in the background and the document is displayed to the unsuspecting user. “The malware authors created several junk documents for such display. Some used scraps of information from public press releases and some were written with the pretext of inviting the recipient to conferences. Others contained random data,” they said.

Symantec also noted that the malware has been seen contacting command and control servers located in China, Korea, and the United States to complete the exploitation.

Users of Adobe Flash Player 11.2.202.233 and earlier versions should update immediately. To see what version of Flash player you have installed you can check using this page from Adobe.

Advertisement. Scroll to continue reading.

Microsoft Vulnerability Research (MSVR) was credited with reporting the vulnerability.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.