News Centre

Adobe Flash Zero-Day Exploit Found Hidden Inside MS Office Docs

Article by diogo@techpatrol.com.au
December 7, 2018

SHARE THIS POST:

Tech-Patrol

Vulnerabilities have been found within Adobe once again. Cybersecurity researchers have discovered a new zero-day vulnerability in Adobe Flash Player that hackers are actively exploiting in the wild as part of a targeted campaign that appears to be targeting a Russian state health care institution before it moves to the rest of the world.

The vulnerability that’s being tracked as CVE-2018-15982, is a use-after-free flaw residing in the Flash PLayer that, if exploited successfully, can allow an attacker to execute arbitrary code on the targeted computer and eventually gain full control over the system.

This vulnerability was spotted last week by researchers inside malicious Microsoft Office documents, which were submitted to online multi-engine malware scanning service VirusTotal that uses a Ukrainian IP address.

 

 

How does this exploit work?

The carefully crafted malicious Microsoft Office documents contained an embedded Flash Active X control in the header of the document that renders when the targeted user opens it, causing exploitation of the reported Flash Player vulnerability. However, according to the researchers, neither the Flash Exploit or the MS file (22.docx) itself contain the final payload to take control over your system.

The final payload is actually hidden inside an image file (scan42.jpg), which is itself an archive file, that has been packed along with the Microsoft Office file inside a parent WinRAR archive which is then distributed through spear-phishing emails, as shown in the video below:

Upon opening the document, the Flash exploit executes a command on the system to unarchive the image file and run the final payload (i.e., backup.exe) which has been protected with VMProtect and programmed to install a backdoor that is capable of:

  • Monitoring user activities (Keyboard or moves the mouse)
  • Collecting system information and sending it to a remote command-and-control (C&C) server,
  • Executing shellcode,
  • loading PE in memory,
  • downloading files,
  • execute code, and
  • performing self-destruction.

Gigamon researchers Applied Threat Research whilst Chinese cyber-security firm Qihoo 360 Core Security, who spotted and named the malware campaign as “Operation Poison Needles,” have not attributed the attack to any state-sponsored hacking group.

 

 

Am I affected?

The vulnerability impacts Adobe Flash Player versions 31.0.0.153 and earlier for products including Flash Player Desktop Runtime, Flash Player for Google Chrome, Microsoft Edge and Internet Explorer 11. Adobe Flash Player Installer versions 31.0.0108 and earlier is also affected.

Researchers reported the Flash zero-day exploit to Adobe on November 29, after which the company acknowledged the issue and released an updated Adobe Flash Player version 32.0.0.101 for Windows, macOS, Linux, and Chrome OS; and Adobe Flash Player Installer version 31.0.0.122.

This is not the first time this year Adobe has had issues, we reported 11 vulnerabilities (4 critical) that were being patched by the company just in October. If you require assistance with any patching, especially this one, please contact us right away.

If you like to keep up to date with all new alerts, subscribe below.

 

 

Other Articles You May Enjoy: 

 

Share your thoughts in the Comments section:

Subscribe For The Latest In Technology

Other Posts You May Like

TECH NEWS & UPDATES

Please enter your name.
Please enter a valid email address.
Something went wrong. Please check your entries and try again.

RECENT POSTS

Microsoft Azure

Introduction to Azure – A Core Cloud Service

Microsoft Responds to COVID-19

Microsoft Responds To COVID-19 By Offering E1 Licenses Free For The Next 6-Months

teams_video_calls_intelligent_workplace

Microsoft Teams vs Zoom. What is right for your business?

Microsoft Azure

Azure Firewall Manager now supports virtual networks.

White Paper

Enjoy this free eBook

Tech Patrol - Microsoft Office 365

White Paper (Why businesses Are Migrating to Cloud)

  • This field is for validation purposes and should be left unchanged.
adobe-flash-zero-day-exploit-found-hidden-inside-ms-office-docs-tech-success
Scroll to Top