Away from Flash, away from danger: from Flash 0day disclosure to integration in an exploit kit in only 4 days - vulnerability warning - 黑吧安全网 (myhack58)

ID MYHACK58:62201564176
Type myhack58
Reporter Anonymous (佚名)
Modified 2015-06-30T00:00:00


On June 27 the Magnitude exploit kit was found exploiting an Adobe Flash Player 0day vulnerability, only four days after Adobe released the patch for it. With this, the kit's author has become the fastest developer of late to weaponize a Flash Player vulnerability. Flash, the king of vulnerabilities, has yet another 0day.

On June 23 the security firm FireEye published a report on targeted attacks exploiting an Adobe Flash Player 0day (CVE-2015-3113). According to the company, targets received a specially crafted phishing email containing a link to a site hosting the 0day exploit. At the same time as FireEye released its report, Adobe announced that it had fixed the vulnerability.

Vulnerability details

The exploit is a Flash Video (FLV) file that triggers a heap buffer overflow in the Nellymoser audio decoder: the decoded output exceeds the maximum length of the destination buffer. The same bug had been exploited much earlier as CVE-2015-3043 (reported by Trend Micro). CVE-2015-3043 was originally patched in Flash Player 17.0.0.169 by limiting the sample count read from the FLV audio tag.

[screenshot: the sample-count check added in 17.0.0.169]

In that code the number of samples is limited to 0x400. From this we can compute the maximum buffer: the FLV format allows at most 4 bytes per sample, and the Nellymoser decoder hard-codes a doubling of the size, as the decoder code shows. The maximum buffer required is therefore 0x400 * 4 * 2 = 0x2000.

[screenshot: the hard-coded doubling in the Nellymoser decoder]

In the newer build 18.0.0.160, however, this code changed substantially and now looks as follows:

[screenshot: GetSampleCount in 18.0.0.160]

The GetSampleCount function checks the final required buffer size and, if it is greater than 0x2000, clamps it to 0x2000. But this check ignores the hard-coded doubling in the Nellymoser decode function, so the heap buffer overflow can be triggered again.
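The sizing arithmetic described above, modelled in C as an added example. This is not Adobe's code: the function names, the decoding of the FLV audio tag flag byte (taken from the public FLV specification) and the constructed sample count of 0x10000 are assumptions for illustration. It places the 17.0.0.169 check, the 18.0.0.160 check and a hardened check side by side and shows which of them lets the decoder's doubled output exceed the 0x2000-byte destination buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constants from the analysis above. */
#define MAX_SAMPLE_COUNT 0x400u   /* cap on the FLV audio tag sample count, 17.0.0.169 fix */
#define MAX_SAMPLE_BYTES 4u       /* 16-bit stereo: the largest sample FLV can describe */
#define NELLY_EXPANSION  2u       /* hard-coded doubling inside the Nellymoser decoder */
#define DEST_BUF_SIZE    0x2000u  /* 0x400 * 4 * 2: the destination buffer the decoder fills */

/* Bytes per sample from the FLV audio tag header byte (FLV spec layout:
   bits 7-4 SoundFormat, bits 3-2 SoundRate, bit 1 SoundSize 0=8-bit/1=16-bit,
   bit 0 SoundType 0=mono/1=stereo). The result is never more than 4. */
unsigned flv_sample_bytes(uint8_t tag_flags) {
    unsigned bytes_per_channel = (tag_flags & 0x02u) ? 2u : 1u;
    unsigned channels          = (tag_flags & 0x01u) ? 2u : 1u;
    return bytes_per_channel * channels;
}

/* Model of the 17.0.0.169 check (assumed shape): clamp the sample count before
   sizing. Returns the number of bytes the decoder writes after its doubling. */
size_t decoded_bytes_v17(uint32_t sample_count, unsigned sample_bytes) {
    if (sample_count > MAX_SAMPLE_COUNT) sample_count = MAX_SAMPLE_COUNT;
    return (size_t)sample_count * sample_bytes * NELLY_EXPANSION;
}

/* Model of the 18.0.0.160 GetSampleCount logic (assumed shape): compute the
   requested buffer size and clamp it to 0x2000, but apply the clamp BEFORE the
   decoder's hard-coded doubling, so the decoder can still emit up to 0x4000. */
size_t decoded_bytes_v18(uint32_t sample_count, unsigned sample_bytes) {
    size_t requested = (size_t)sample_count * sample_bytes;
    if (requested > DEST_BUF_SIZE) requested = DEST_BUF_SIZE;
    return requested * NELLY_EXPANSION;
}

/* Hardened check: bound the size the decoder actually produces, i.e. the
   post-expansion size, not the pre-expansion request. */
size_t decoded_bytes_hardened(uint32_t sample_count, unsigned sample_bytes) {
    size_t produced = (size_t)sample_count * sample_bytes * NELLY_EXPANSION;
    if (produced > DEST_BUF_SIZE) produced = DEST_BUF_SIZE;
    return produced;
}

/* Simulated decode into a fixed 0x2000-byte destination. Unlike the real
   decoder it refuses to write past the end; it returns 1 where the real one
   would have overflowed, 0 otherwise. */
int decode_overflows(size_t (*sizer)(uint32_t, unsigned),
                     uint32_t sample_count, unsigned sample_bytes) {
    static uint8_t dest[DEST_BUF_SIZE];
    size_t n = sizer(sample_count, sample_bytes);
    if (n > sizeof dest) return 1;   /* the real decoder would overflow here */
    memset(dest, 0xAA, n);           /* stand-in for writing decoded PCM */
    return 0;
}

int main(void) {
    /* Constructed malicious FLV audio tag: Nellymoser (SoundFormat 6), 16-bit,
       stereo, with a sample count far above the 0x400 cap. */
    uint8_t  tag_flags    = 0x63;
    uint32_t sample_count = 0x10000;
    unsigned sb           = flv_sample_bytes(tag_flags);

    printf("sample bytes      : %u\n", sb);
    printf("17.0.0.169 check  : %zu bytes, overflow=%d\n",
           decoded_bytes_v17(sample_count, sb),
           decode_overflows(decoded_bytes_v17, sample_count, sb));
    printf("18.0.0.160 check  : %zu bytes, overflow=%d\n",
           decoded_bytes_v18(sample_count, sb),
           decode_overflows(decoded_bytes_v18, sample_count, sb));
    printf("hardened check    : %zu bytes, overflow=%d\n",
           decoded_bytes_hardened(sample_count, sb),
           decode_overflows(decoded_bytes_hardened, sample_count, sb));
    return 0;
}
```

In this model the 18.0.0.160 check is weaker than the one it replaced: any sample count above 0x400 (with 16-bit stereo samples) already produces more than 0x2000 bytes, because the clamp only engages once the pre-doubling request exceeds 0x2000 and the doubling happens afterwards. The general lesson is that a size check must be applied to the quantity that is actually written, after every expansion step, not to an intermediate value.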
Exploited within four days

On June 27 the Magnitude exploit kit was already exploiting the vulnerability, only four days after Adobe released the patch. Magnitude EK is known for dropping the CryptoWall ransomware onto unsuspecting users' devices, and its author has become the fastest developer of late to weaponize a Flash Player vulnerability; it is only a matter of time before other developers add this exploit to their own kits.

According to data released by Secunia on Friday, as of June 26 about 95% of users worldwide have Adobe Flash installed, and only 55% of them have installed the patch. In the United States the share is even lower, at only 50%. With numbers this large it is easy to see why Flash Player vulnerabilities are the attackers' favourite. In fact, attackers have a further advantage: when a patch does not fully resolve unsafe or complex code, they can rebuild the exploit to bypass the earlier fix.

To be, or not to be?

If you have not installed the patch, do it now. Google Chrome and Internet Explorer on Windows 8.x update their bundled Adobe Flash Player to the latest version automatically, but if you use a standalone installation that is not set to update automatically, you have to help yourself. Admittedly, removing Flash Player from the device entirely is crude, but it is not a bad idea. You can also enable the click-to-play feature that is now common in web browsers to reduce unnecessary risk. Perhaps now is the time to say goodbye to Flash.