Update: Adobe has released a patch for this vulnerability.

A new Flash Player zero-day has been found in recent targeted attacks, as reported by KrCERT. The flaw, which exists in Flash Player 28.0.0.137 and earlier versions, allows an attacker to remotely execute malicious code.

On February 1, Adobe published a security advisory acknowledging this zero-day:

> Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users.

These attacks leverage Office documents with embedded malicious Flash content distributed via email. Threat actors used a decoy Microsoft Excel document to lure their intended targets (some South Korean users) in order to infect them with a remote administration tool named ROKRAT. While not obvious at first, an ActiveX object has been embedded into the document and contains the Flash exploit.

We tested this zero-day with a proof-of-concept that was made available. Rather than launching it from within Office, we turned it into a drive-by download attack. The animation below shows Malwarebytes blocking the exploit, and when the anti-exploit protection module is disabled, we can see the calculator launching.
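Because the Flash content rides inside an ActiveX object that is not obvious when the document is opened, mail and endpoint filters can look for it directly. The following is an added example, not code from the original post: it assumes the attachment is an OOXML (zip-based) workbook, uses the well-known CLSID of the Shockwave Flash ActiveX control, and the function names and sample document are constructed for illustration.

```python
import io
import re
import zipfile

# CLSID of the Shockwave Flash ActiveX control (well-known value).
FLASH_CLSID = b"D27CDB6E-AE6D-11CF-96B8-444553540000"
# SWF header: FWS (raw), CWS (zlib) or ZWS (LZMA), then a one-byte version.
SWF_HEADER = re.compile(rb"[FCZ]WS[\x01-\x32]")


def scan_ooxml_for_flash(data: bytes) -> list[str]:
    """Return findings for Flash content embedded in an OOXML document."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        # Legacy OLE2 files (.xls/.doc) are not zip containers and need an OLE parser.
        raise ValueError("not an OOXML (zip) container") from exc
    findings = []
    with archive:
        for name in archive.namelist():
            lowered = name.lower()
            # ActiveX controls and embedded objects live in these folders.
            if "/activex/" not in lowered and "/embeddings/" not in lowered:
                continue
            part = archive.read(name)
            if FLASH_CLSID in part.upper():
                findings.append(f"{name}: references Shockwave Flash ActiveX CLSID")
            if SWF_HEADER.search(part):
                findings.append(f"{name}: contains an SWF header")
    return findings


def build_sample(with_flash: bool) -> bytes:
    """Constructed sample workbook; the SWF bytes are an inert stub header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/workbook.xml", "<workbook/>")
        if with_flash:
            z.writestr("xl/activeX/activeX1.xml",
                       '<ax:ocx ax:classid="{D27CDB6E-AE6D-11cf-96B8-444553540000}"/>')
            z.writestr("xl/activeX/activeX1.bin",
                       b"\x00" * 16 + b"CWS\x20" + b"\x00" * 8)
    return buf.getvalue()


if __name__ == "__main__":
    for label, flash in (("clean", False), ("flash", True)):
        print(label, scan_ooxml_for_flash(build_sample(flash)))
```

The SWF header match is a heuristic and can fire on unrelated binary data, so treat a hit as a reason to quarantine and inspect rather than as a verdict.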