Another technique leverages Object Linking and Embedding (OLE) capabilities in Microsoft Office documents to automatically download Flash content from a remote server.Īn attacker who is able to execute arbitrary code through the Flash vulnerability could exploit the Adobe Type Manager vulnerability to gain elevated system privileges. A second attack vector for Flash vulnerabilities is through a file (such as an email attachment) that embeds Flash content. The primary impact of exploiting this vulnerability is local privilege escalation.īy convincing a user to visit a website or open a file containing specially crafted Flash content, an attacker could combine any one of the three Adobe Flash vulnerabilities with the Microsoft Windows vulnerability to take full control of an affected system.Ī common attack vector for exploiting a Flash vulnerability is to entice a user to load Flash content in a web browser, and most web browsers have Flash installed and enabled. The Adobe Type Manager is a Microsoft Windows component present in every version since NT 4.0. Microsoft Windows Adobe Type Manager privilege escalation vulnerability ( CVE-2015-2387)The Adobe Type Manager module contains a memory corruption vulnerability, which can allow an attacker to obtain system privileges on an affected Windows system.Exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code on a vulnerable system. Adobe Flash use-after-free and memory corruption vulnerabilities ( CVE-2015-5119, CVE-2015-5122, CVE-2015-5123) Adobe Flash Player contains critical vulnerabilities within the ActionScript 3 ByteArray, opaqueBackground and BitmapData classes.The following vulnerabilities illustrate the need for ongoing mitigation techniques and prioritization of updates for highly targeted software: Since attackers continue to target and find new vulnerabilities in popular, Internet-facing software, updating is not sufficient, and it is important to use exploit mitigation and other defensive techniques. Used in conjunction, recently disclosed vulnerabilities in Adobe Flash and Microsoft Windows may allow a remote attacker to execute arbitrary code with system privileges.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |