Angler EK is exploiting Adobe Flash Vulnerability (CVE-2015-5560)


There is an integer overflow vulnerability in Adobe Flash Player and earlier versions. The vulnerability is triggered when Flash Player loads and parses an contrieved MP3 file with compressed ID3 data greater than 0x2aaaaaaa bytes. This causes an interger overflow in the buffer that allocates this data. This results in copying a large amount of data in to a small buffer.

Not long after the disclosure of the vulnerability, Angler exploit kit has been cited to be using exploits for this vulnerability.

The issues only affects 64bit platforms. The vulnerability is referred by CVE as CVE-2015-5560.

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.