Flash 0-days

By Thomas Kristensen

At the beginning of March, a 0-day vulnerability surfaced in Adobe Flash Player within the ActionScript Virtual Machine 2 (AVM2), which handles ActionScript 3.0 language. The vulnerability was exploited via Excel documents containing specially crafted Flash content and follow-up reports show that this was exploited e.g. in the compromise of RSA.

A month later, and after a fixed version of Adobe Flash Player being released, another 0-day vulnerability has surfaced in the latest version of Adobe Flash Player. This time it's exploited via Word documents and was reportedly sent to a number of people including assistants of former high-ranked politicians, who are now working at global consulting companies.

This confirms that Adobe Flash Player is still a very popular target for cybercriminals and for good reason as Secunia PSI/CSI statistics show that it's installed on 96.1% of all Windows systems. In the past, Flash Player 0-days were often delivered via PDF files targeting Adobe Reader/Acrobat, which bundles Flash Player, but it seems after the release of Adobe Reader/Acrobat X that Office documents have become the new attack vector.

Secunia Research is currently analysing this vulnerability as well as closely monitoring any news about its exploitation. Additional details will be added to our advisories available on our website and customer area for VIM customers. Also, as soon as patches are available, Secunia PSI users and Secunia CSI customers will be informed and can roll out patches quickly and efficiently to ensure that their systems are updated and protected against malware exploiting this vulnerability.

Stay Secure,

Thomas Kristensen