Security News

Angler EK is exploiting Adobe Flash Vulnerability (CVE-2015-5560)

By

There is an integer overflow vulnerability in Adobe Flash Player 18.0.0.209 and earlier versions. The vulnerability is triggered when Flash Player loads and parses an contrieved MP3 file with compressed ID3 data greater than 0x2aaaaaaa bytes. This causes an interger overflow in the buffer that allocates this data. This results in copying a large amount of data in to a small buffer.

Not long after the disclosure of the vulnerability, Angler exploit kit has been cited to be using exploits for this vulnerability.

The issues only affects 64bit platforms. The vulnerability is referred by CVE as CVE-2015-5560.

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
Recommended Cyber Security Stories
Attackers actively exploiting Apache Struts Vulnerability
OpenSSL Heartbleed Vulnerability Follow-up (April 18, 2014)
SQL Injection Attacks Up-to-date Summary (Sept 19, 2014)
CVE-2018-1111 Network Manager command injection vulnerability
Is Red/Blue Teaming Right for Your Network?
Cyber Security News & Trends – 04-19-19
Kaseya VSA server exploitation and another supply chain ransomware attack
Infection Cycle of WGET Trojan Dropper, November 2018.