DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
DarkVision Hardware - Daily tech news
August 6, 2020 
Main Menu
News archives

Who's Online
There are currently 105 people online.


Latest Reviews
Ewin Racing Flash gaming chair
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset

Follow us

Yet another critical Adobe Flash bug gets plugged

Posted on Thursday, December 06 2018 @ 10:16:46 CET by

NVDA logo
The Register reports Adobe released an out-of-band emergency update to patch a security bug in its Flash plug-in. The bug is actively exploited by cybercriminals and the way the attack works reads like a greatest hits album of terrible security, involving not just Flash but also ActiveX and Office:
In its current form, the attack bundles exploit code for the Flash zero-day (a use-after-free() bug) with an ActiveX call that is embedded within an Office document. The attacker delivers the document via a spear-phishing email. ATR noted that some of the samples appear to mimic documents from a Russian medical clinic, though others were not specifically targeted towards any one company or group.

When the target opens the poisoned Doc, the ActiveX plug-in calls up Flash Player to run the attack code. From there, CVE-2018-15982 is exploited and the malware looks to download its real payload; a remote control tool that collects system info, and relays it to a command and control system.



DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba