Flash-Zero-Day

A new zero-day (CVE-2014-0515) exploit exists in the wild, and is being used to target Flash Player users on the Windows systems. The vulnerability was discovered by Kaspersky Lab in Mid April.

There is a buffer overflow vulnerability in the Pixel Bender component which is designed for video and image processing that can be used to execute arbitrary code. This flaw allows attackers to take complete control of the systems remotely. An attack is conducted by convincing users to visit a specially crafted website hosted by an attacker.

According to Kaspersky Lab blog, they found two new SWF exploits in mid-April. These exploits were stored as movie.swf and include.swf at an infected site. The only difference between the two pieces of malware is their shellcodes. The Action Script code inside was neither obfuscated nor encrypted.

Affected versions are Adobe Flash Player 13.0.0.182 and earlier on Windows, 13.0.0.201 and earlier on Mac and 11.2.202.350 and earlier on Linux systems.

Courtesy: Adobe Systems

Courtesy: Adobe Systems

Adobe released security bulletin APSB14-13 addressing CVE-2014-0515 vulnerability.

SecPod Saner helps fix this issues by upgrading the Adobe Flash Player to a non-vulnerable version, through its easy to use interface. 

Download Saner now and keep your systems updated and secure.

– Veerendra GG

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedIn
Loading Facebook Comments ...

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>