Angler EK is exploiting Adobe Flash Vulnerability (CVE-2015-5560)

There is an integer overflow vulnerability in Adobe Flash Player 18.0.0.209 and earlier versions.
The vulnerability is triggered when Flash Player loads and parses an contrived MP3 file with compressed ID3 data greater than 0x2aaaaaaa bytes.
This causes an integer overflow in the buffer that allocates this data.
This results in copying a large amount of data in to a small buffer.
Not long after the disclosure of the vulnerability, Angler exploit kit has been cited to be using exploits for this vulnerability.
The issues only affects 64bit platforms.
The vulnerability is referred by CVE as CVE-2015-5560.
If you haven't patch your Security Devices, please patch them.

Have a good time.
(Be knowledgeable, pass it on then)

Post a Comment