A new zero-day (CVE-2014-0515) exploit exists in the wild, and is being used to target Flash Player users on the Windows systems. The vulnerability was discovered by Kaspersky Lab in Mid April.
There is a buffer overflow vulnerability in the Pixel Bender component which is designed for video and image processing that can be used to execute arbitrary code. This flaw allows attackers to take complete control of the systems remotely. An attack is conducted by convincing users to visit a specially crafted website hosted by an attacker.
According to Kaspersky Lab blog, they found two new SWF exploits in mid-April. These exploits were stored as movie.swf and include.swf at an infected site. The only difference between the two pieces of malware is their shellcodes. The Action Script code inside was neither obfuscated nor encrypted.
Affected versions are Adobe Flash Player 220.127.116.11 and earlier on Windows, 18.104.22.168 and earlier on Mac and 22.214.171.1240 and earlier on Linux systems.
Adobe released security bulletin APSB14-13 addressing CVE-2014-0515 vulnerability.
SecPod Saner helps fix this issues by upgrading the Adobe Flash Player to a non-vulnerable version, through its easy to use interface.
Download Saner now and keep your systems updated and secure.
– Veerendra GG