
New Adobe Flash Player Flaw Shares Similarities With Previous Vulnerability: Trend Micro

Researchers at Trend Micro say the zero-day vulnerability patched Tuesday by Adobe Systems has a similar underlying cause as an older flaw.

On Tuesday, Adobe patched CVE-2015-3113 – a vulnerability in Adobe Flash Player being exploited in the wild by the attack group APT3.

“Our analysis of the current flaw reveals that the root cause of CVE-2015-3113 is similar to CVE-2015-3043,” blogged Trend Micro Threats Analyst Peter Pi. “Both cause a buffer overflow within the Flash Player code. In fact, code targeting the previous exploit can also cause crashes in version 18.0.0.160 (the version immediately before this emergency update).”

Both vulnerabilities can be used to run arbitrary code on targeted systems if their users visit a site hosting a malicious Flash file. Both are heap overflow vulnerabilities in the FLV audio parsing flow: they reside in how Flash Player processes audio encoded with the Nellymoser codec and can be triggered by modifying the FLV file's audio tag, Pi explained.

“They both overflow a hardcoded length heap buffer with a length of 0x2000,” he wrote. “CVE-2015-3043 and CVE-2015-3113 both trigger this bug using sample_count * sample_size > 0x2000, and bypass the length check.”

Adobe patched CVE-2015-3043 in 17.0.0.169 by limiting the sample count acquired from the FLV audio tag. In version 18.0.0.160, the code underwent significant changes, Pi noted.

“The GetSampleCount function checks the final buffer size needed,” he explained. “If the final buffer size is larger than 0x2000, it will limit it to 0x2000. However, this ignores the Nellymoser decode function’s hardcoded double operation; this can be used to trigger a heap buffer overflow once again.”
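The two length checks described above (the sample_count * sample_size test in the earlier quote and the 18.0.0.160 clamp that ignores the decoder's doubling) can be modelled in a few lines of C. The code below is an added illustration, not Flash Player's code or Trend Micro's; the 0x2000 buffer length comes from the article, while the factor-of-two decoder expansion, the names of the policies and functions, and the hardened check-the-output policy are assumptions made for the model. It writes into a fixed buffer and counts bytes that would have landed past its end rather than actually corrupting memory.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hardcoded heap buffer length named in the article. */
#define AUDIO_BUF_LEN 0x2000u
/* Assumed: the Nellymoser decoder emits twice the bytes it is handed
 * (the article's "hardcoded double operation"); the exact factor is a
 * modelling assumption. */
#define NELLY_EXPANSION 2u

enum length_policy {
    NO_CHECK,     /* pre-fix: product of the tag fields is trusted as-is   */
    CLAMP_INPUT,  /* 18.0.0.160 as described: clamp count*size to 0x2000,
                     ignore what the decoder then does with that length   */
    CHECK_OUTPUT  /* assumed hardening: bound the decoder's real output    */
};

/* Bytes the modelled decoder would write into the AUDIO_BUF_LEN buffer
 * for one FLV audio tag, or 0 if the tag is rejected outright. */
uint64_t modelled_decode_len(uint32_t sample_count, uint32_t sample_size,
                             enum length_policy policy)
{
    /* 64-bit product: a 32-bit multiply could wrap and slip past any check */
    uint64_t requested = (uint64_t)sample_count * sample_size;
    uint64_t input_len;

    switch (policy) {
    case NO_CHECK:
        input_len = requested;
        break;
    case CLAMP_INPUT:
        /* GetSampleCount-style clamp on the input length only */
        input_len = requested > AUDIO_BUF_LEN ? AUDIO_BUF_LEN : requested;
        break;
    case CHECK_OUTPUT:
        /* Check the size the decoder will actually produce */
        if (requested * NELLY_EXPANSION > AUDIO_BUF_LEN)
            return 0;
        input_len = requested;
        break;
    default:
        return 0;
    }
    return input_len * NELLY_EXPANSION;
}

bool would_overflow(uint32_t sample_count, uint32_t sample_size,
                    enum length_policy policy)
{
    return modelled_decode_len(sample_count, sample_size, policy) > AUDIO_BUF_LEN;
}

/* Simulated decode into a fixed buffer; returns how many bytes would have
 * been written past its end (0 means the tag was safe or rejected). */
size_t simulate_decode(uint32_t sample_count, uint32_t sample_size,
                       enum length_policy policy)
{
    static uint8_t heap_buf[AUDIO_BUF_LEN];
    uint64_t out = modelled_decode_len(sample_count, sample_size, policy);
    size_t in_bounds = out > AUDIO_BUF_LEN ? AUDIO_BUF_LEN : (size_t)out;

    memset(heap_buf, 0xAA, in_bounds);   /* bounded write only */
    return (size_t)(out - in_bounds);
}

int main(void)
{
    /* Constructed audio-tag field values, not taken from a real sample. */
    static const struct { uint32_t count, size; } tags[] = {
        { 0x0800, 2 },      /* 0x1000 in, 0x2000 out: fits exactly        */
        { 0x2000, 4 },      /* 0x8000 in: clamp leaves 0x2000, decoder doubles */
        { 0x80000000u, 4 }, /* would wrap to 0 in a 32-bit multiply        */
    };
    static const char *names[] = { "NO_CHECK", "CLAMP_INPUT", "CHECK_OUTPUT" };

    for (size_t i = 0; i < sizeof tags / sizeof tags[0]; i++)
        for (int p = NO_CHECK; p <= CHECK_OUTPUT; p++)
            printf("count=%#x size=%u %-12s overflow=%zu bytes\n",
                   tags[i].count, tags[i].size, names[p],
                   simulate_decode(tags[i].count, tags[i].size, p));
    return 0;
}
```

The point the model makes is the one in Pi's analysis: clamping the computed input length is not the same as bounding the number of bytes the consumer of that length will write. A check placed where the allocation size is decided has to use the size the decoder will produce, and the multiplication feeding it must not be able to wrap.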

According to Pi, both vulnerabilities “share the same underlying root cause.”


“This incident highlights how important careful development of patches is, to prevent patched bugs from being re-exploited at a later time,” Pi wrote. “Regression testing must also be a part of software development in order to check that old bugs do not threaten new versions of software.”

In a statement to SecurityWeek, Adobe said it performs regression testing as part of its standard testing process.

“As the Trend Micro article notes, CVE-2015-3113 and CVE-2015-3043 are similar, but different,” according to the company. “We will be performing a 0-day review on this issue to determine whether the regression test did not consistently reproduce the issue or whether there is another reason the similarity was not immediately noted and addressed.”

Written By

Marketing professional with a background in journalism and a focus on IT security.
