CVE-2014-0497 – a 0-day vulnerability
Vyacheslav Zakorzhevsky
Kaspersky Lab Expert
Posted February 05, 15:15 GMT
Tags: Adobe Flash, Malware Technologies, Vulnerabilities and exploits, Zero-day vulnerabilities
Kaspersky Lab Expert
Posted February 05, 15:15 GMT
Tags: Adobe Flash, Malware Technologies, Vulnerabilities and exploits, Zero-day vulnerabilities
0.5
A short while ago, we came across a set of similar SWF exploits and were unable to determine which vulnerability they exploited.
We reported this to Adobe and it turned out that these ITW exploits targeted a 0-day vulnerability. Today, Adobe released a patch for the vulnerability.
This post provides a technical analysis of the exploits and payload that we discovered.
All in all, we discovered a total of 11 exploits, which work on the following versions of Adobe Flash Player:
11.3.372.94
11.3.375.10
11.3.376.12
11.3.377.15
11.3.378.5
11.3.379.14
11.6.602.167
11.6.602.180
11.7.700.169
11.7.700.202
11.7.700.224