New Adobe Flash Player Flaw Shares Similarities With Previous Vulnerability: Trend Micro

Researchers at Trend Micro say the zero-day vulnerability patched Tuesday by Adobe Systems has a similar underlying cause as an older flaw.

On Tuesday, Adobe patched CVE-2015-3113 – a vulnerability in Adobe Flash Player being exploited in the wild by the attack group APT3.

“Our analysis of the current flaw reveals that the root cause of CVE-2015-3113 is similar to CVE-2015-3043,” blogged Trend Micro Threats Analyst Peter Pi. “Both cause a buffer overflow within the Flash Player code. In fact, code targeting the previous exploit can also cause crashes in version 18.0.0.160 (the version immediately before this emergency update).”

Both vulnerabilities can be used to run arbitrary code on a targeted system if its user visits a site hosting a malicious Flash file. Both are also heap overflow vulnerabilities in the FLV audio parsing flow: they reside in how Flash Player processes audio encoded with the Nellymoser codec and can be triggered by modifying the FLV file’s audio tag, Pi explained.

“They both overflow a hardcoded length heap buffer with a length of 0x2000,” he wrote. “CVE-2015-3043 and CVE-2015-3113 both trigger this bug using sample_count * sample_size > 0x2000, and bypass the length check.”

Adobe patched CVE-2015-3043 in 17.0.0.169 by limiting the sample count acquired from the FLV audio tag. In version 18.0.0.160, the code underwent significant changes, Pi noted.

“The GetSampleCount function checks the final buffer size needed,” he explained. “If the final buffer size is larger than 0x2000, it will limit it to 0x2000. However, this ignores the Nellymoser decode function’s hardcoded double operation; this can be used to trigger a heap buffer overflow once again.”
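To make the pattern Pi describes concrete, the following is an added model in C; it is not Flash Player's code, which is not on the page. It contrasts a check that clamps the size read from the audio tag to the 0x2000-byte buffer while the decoder still writes a multiple of that size, with a check that bounds what the decoder will actually emit. The buffer size comes from the article; the decoder's expansion factor of 2 and all function names are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical model of the bug pattern Trend Micro describes, not Flash
 * Player code. The FLV audio path decodes into a heap buffer of a hardcoded
 * 0x2000 bytes (figure from the article). The decoder's "hardcoded double
 * operation" is modelled as writing twice the checked size; the real
 * Nellymoser internals are not on the page, so the factor is an assumption. */
#define OUT_BUF_SIZE     0x2000u
#define DECODE_EXPANSION 2u   /* assumed expansion factor of the decoder */

/* Pre-patch behaviour for CVE-2015-3043 as the article states it:
 * sample_count * sample_size is used directly, so any product above
 * 0x2000 bytes would write past the buffer. */
static uint64_t unchecked_write_size(uint32_t sample_count, uint32_t sample_size)
{
    return (uint64_t)sample_count * sample_size;
}

/* Clamp-then-decode, as the article describes the 18.0.0.160 code: the
 * requested size is limited to 0x2000, but the limit is applied to the
 * input size, not to what the decoder actually emits afterwards. */
static uint64_t clamped_write_size(uint32_t sample_count, uint32_t sample_size)
{
    uint64_t needed = (uint64_t)sample_count * sample_size;
    if (needed > OUT_BUF_SIZE)
        needed = OUT_BUF_SIZE;                 /* GetSampleCount-style limit */
    return needed * DECODE_EXPANSION;          /* decoder still doubles it */
}

/* Compares a modelled write size against the fixed buffer capacity. */
static bool overflows_buffer(uint64_t write_size)
{
    return write_size > OUT_BUF_SIZE;
}

/* Hardened variant: bound the size the decoder will produce, not the size
 * read from the tag, and reject the tag rather than clamping it. Dividing
 * the capacity by the expansion factor avoids any multiplication overflow. */
static bool hardened_decode_allowed(uint32_t sample_count, uint32_t sample_size)
{
    uint64_t in_bytes = (uint64_t)sample_count * sample_size; /* cannot wrap */
    return in_bytes <= OUT_BUF_SIZE / DECODE_EXPANSION;
}
```

The regression case Pi highlights is the one where the clamped size is exactly 0x2000 and the decoder's expansion still carries the write past the buffer; the hardened check rejects it because it reasons about output, not input.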

According to Pi, both vulnerabilities “share the same underlying root cause.”

“This incident highlights how important careful development of patches is, to prevent patched bugs from being re-exploited at a later time,” Pi wrote. “Regression testing must also be a part of software development in order to check that old bugs do not threaten new versions of software.”

In a statement to SecurityWeek, Adobe said it performs regression testing as part of its standard testing process.

“As the Trend Micro article notes, CVE-2015-3113 and CVE-2015-3043 are similar, but different,” according to the company. “We will be performing a 0-day review on this issue to determine whether the regression test did not consistently reproduce the issue or whether there is another reason the similarity was not immediately noted and addressed.”
