


Today, February 2, a third zero-day vulnerability (CVE-2015-0313) in Adobe Flash Player became known.

Today, February 2, Adobe released a security notice about the latest zero-day vulnerability in Adobe Flash Player. This is the third zero-day vulnerability in the popular player in 2015. The vulnerability has been assigned the identifier CVE-2015-0313, and an exploit for it is included in the Angler Exploit Kit.

Experts from Trend Micro reported the new vulnerability in Adobe Flash Player. According to the researchers, attackers placed the exploit on the site dailymotion.com. Users of this portal were redirected to the file hxxp://www.retilio.com/skillt.swf, which carried out the compromise. Trend Micro detects this exploit as SWF_EXPLOIT.MJST and blocks the URL.

At the moment, the vulnerability is present in the latest version of Adobe Flash, 16.0.0.296. The manufacturer plans to release an emergency security patch this week. Until the fix is available, we encourage our readers to temporarily disable the vulnerable plug-in.

Remote execution of arbitrary code in Adobe Flash Player

The vulnerability allows a remote user to execute arbitrary code on the target system.

Severity Rating: Critical (zero-day vulnerability)

Fix available: No

Number of vulnerabilities: 1

CVSSv2 Rating: (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:U/RC:C) = Base: 10 / Temporal: 10

CVE ID: CVE-2015-0313

Vector of exploitation: Remote

Impact: System Compromise

Platform: All Platforms

Affected Products: Adobe Flash Player 11.x; Adobe Flash Player 13.x; Adobe Flash Player 16.x

Affected versions: Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh; Adobe Flash Player 13.0.0.264 and earlier 13.x; Adobe Flash Player 11.2.202.440 and earlier versions for Linux

Description:

The CVE-2015-0313 vulnerability is caused by an unspecified error. A remote user can execute arbitrary code and take control of the affected system.

Note: The vulnerability is being actively exploited by hackers today.

Solution: No fix for the vulnerability exists at present.

Manufacturer’s URL: http://www.adobe.com

References:

https://helpx.adobe.com/security/products/flash-player/apsa15-02.html
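
While no fix exists, the "Affected versions" entry above can be used to find hosts where the plug-in should be disabled. The following Python is an added example, not part of the original advisory: the inventory lines, host names and bucket names are constructed, and checking every 13.x build against the 13.x threshold regardless of platform is an assumption.

```python
import re

# Highest affected version per branch, copied from the "Affected versions" line.
AFFECTED_MAX = {
    "desktop": (16, 0, 0, 296),    # Windows and Macintosh
    "13.x": (13, 0, 0, 264),       # 13.x branch (the page names no platform)
    "linux": (11, 2, 202, 440),    # Linux
}
_VERSION = re.compile(r"(\d+)[.,](\d+)[.,](\d+)[.,](\d+)", re.ASCII)

# Constructed sample inventory: host, platform, reported Flash Player version.
INVENTORY = """\
ws-0141   Windows    16.0.0.296
ws-0207   Windows    13.0.0.264
ws-0311   Windows    15,0,0,246
mac-0033  Macintosh  16.0.0.300
build-07  Linux      11.2.202.440
build-09  Linux      11.2.202.442
kiosk-02  Windows    unknown
"""

def parse_version(text):
    """Return a 4-tuple of ints for 'a.b.c.d' or 'a,b,c,d', else None."""
    match = _VERSION.fullmatch(text.strip())
    return tuple(int(g) for g in match.groups()) if match else None

def is_affected(platform, version_text):
    """True/False per the advisory; None when the record needs manual review."""
    version = parse_version(version_text)
    if version is None:
        return None
    if version[0] == 13:
        return version <= AFFECTED_MAX["13.x"]
    plat = platform.strip().lower()
    if plat == "linux":
        return version <= AFFECTED_MAX["linux"]
    if plat in ("windows", "macintosh"):
        return version <= AFFECTED_MAX["desktop"]
    return None  # platform the advisory does not list

def triage(inventory_text):
    """Sort hosts into affected / not_listed / review buckets."""
    buckets = {"affected": [], "not_listed": [], "review": []}
    for line in inventory_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        verdict = is_affected(fields[1], fields[2]) if len(fields) == 3 else None
        key = {True: "affected", False: "not_listed", None: "review"}[verdict]
        buckets[key].append(fields[0])
    return buckets

if __name__ == "__main__":
    for bucket, hosts in triage(INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts in the `review` bucket reported a version that could not be parsed and should be checked by hand rather than assumed safe.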