
Security Response

Showing posts tagged with Adobe Flash
Security Intel Analysis Team | 15 Jun 2010 | 0 comments

While investigating the malware and shellcode related to the recently discovered Adobe Flash Player, Adobe Reader, and Acrobat 'authplay.dll' Remote Code Execution Vulnerability (BID 40586), we found interesting similarities to the malware and shellcode used in the targeted attacks against the Microsoft Internet Explorer 'iepeers.dll' Remote Code Execution Vulnerability (BID 38615) that have been occurring since March 2010.

First similarity: the shellcode

The following image is the function-hooking shellcode that was used in the targeted attacks against the Microsoft Internet Explorer 'iepeers.dll' Remote Code Execution Vulnerability discovered in March 2010.

Next, since early June, the Adobe Flash Player, Adobe Reader, and Acrobat 'authplay.dll' Remote Code Execution Vulnerability...

Security Intel Analysis Team | 14 Jun 2010 | 0 comments

While investigating the malware and shellcode that were associated with the recent Adobe Flash Player, Adobe Reader, and Acrobat 'authplay.dll' Remote Code Execution Vulnerability (BID 40586), we came across some interesting similarities to the malware and shellcode that were used in the Microsoft Internet Explorer 'iepeers.dll' Remote Code Execution Vulnerability (BID 38615) targeted attacks from March 2010.

The first similarity is in the shellcode

The image below is the function-hooking shellcode that was used in the targeted attacks against the Microsoft Internet Explorer 'iepeers.dll' Remote Code Execution Vulnerability in March 2010:

Below is the function-hooking shellcode that was used in the targeted attacks against the Adobe Flash...