Kaspersky Lab Details Exploits Targeting Just-Patched Adobe Zero-day

February 6, 2014

Kaspersky Lab Details Exploits Targeting Just-Patched Adobe Zero-day

SecurityWeek, By Mike Lennon

On Tuesday afternoon, Adobe released an out-of-band security update to address a critical zero-day security vulnerability in Adobe Flash Player. The remotely exploitable vulnerability is being used in attacks in the wild and allows an attacker to take control of an affected system.

The vulnerability, CVE-2014-0497, was reported to Adobe by Alexander Polyakov and Anton Ivanov of Kaspersky Lab.

Now that a patch has been released by Adobe, Kaspersky Lab has provided a technical analysis of the exploits and payload that the security firm discovered—a total of 11 exploits.

“All of the exploits exploit the same vulnerability and all are unpacked SWF files,” Vyacheslav Zakorzhevsky, a Kaspersky Lab Expert, wrote on a blog post Wednesday. “All have identical actionscript code, which performs an operating system version check. The exploits only work under the following Windows versions: XP, Vista, 2003 R2, 2003, 7, 7x64, 2008 R2, 2008, 8, 8x64. Some of the samples also have a check in place which makes the exploits terminate under Windows 8.1 and 8.1 x64.” Read more.

Kaspersky Lab Details Exploits Targeting Just-Patched Adobe Zero-day

Kaspersky

Kaspersky Lab Details Exploits Targeting Just-Patched Adobe Zero-day

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. Innovating the industry with a Cyber Immunity approach, Kaspersky safeguards consumers, businesses, critical infrastructure, and governments from cyberthreats, with over a billion devices protected to date.

Kaspersky ensures Cybersecurity True to Business, focusing on providing clear outcomes, protecting revenue, easing workloads and preventing downtime. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services for organizations of every size, from small businesses to large enterprises, combining proven AI-driven protection technologies with simple management and expert support.

Recognized in independent tests and trusted by millions of individuals worldwide and nearly 200,000 organizations, Kaspersky helps detect threats earlier, respond faster and operate with greater confidence and freedom, protecting what matters most to our clients. Learn more at www.kaspersky.com.

Share with your friends

Kaspersky Lab Details Exploits Targeting Just-Patched Adobe Zero-day

Kaspersky Lab Details Exploits Targeting Just-Patched Adobe Zero-day

About Kaspersky

Related Articles Press Releases

Kaspersky Lab Joins Forces with Merchant Risk Council to Help Combat eCommerce Fraud

Kaspersky Lab North America Recognized on CRN’s 2018 Security 100 List

Kaspersky Lab North America Releases its Inaugural Corporate Social Responsibility Report

Kaspersky Lab Appeals U.S. Department of Homeland Security Debarment

Poor Security Practices put Cloud-Driven Business Growth and Cost Savings at Risk

Kaspersky Lab Story of the Year 2017: More Than One Quarter of Ransomware Attacks Target Businesses

Kaspersky Lab Survey: IT Security Experts Uncertain on How to Combat Targeted Attacks

Kaspersky Lab Creates Pop-Up Shop Experience Using New Currency to Showcase the Value of Personal Data

Kaspersky Lab Enters Endpoint Detection and Response Market with New Solution

Kaspersky Lab North America Champions National Cyber Security Awareness Month 2017