Difference between revisions of "CVE-2013-5330 (Flash) in an unknown Exploit Kit fed by high rank websites"
Jump to navigation
Jump to search
m (1 revision imported) |
m (Text replacement - " malware.dontneedcoffee.com" to "") |
||
Line 1: | Line 1: | ||
{{Publication | {{Publication | ||
|Type=Blogpost | |Type=Blogpost | ||
|Link=http://malware.dontneedcoffee.com/2014/02/cve-2013-5330-flash-in-unknown-exploit.html | |Link=http://malware.dontneedcoffee.com/2014/02/cve-2013-5330-flash-in-unknown-exploit.html | ||
|Author=Kafeine | |Author=Kafeine | ||
|NomRevue=Malware don't need Coffee | |NomRevue=Malware don't need Coffee |
Latest revision as of 19:00, 7 February 2015
(Publication) Google search: [1]
CVE-2013-5330 (Flash) in an unknown Exploit Kit fed by high rank websites | |
---|---|
Botnet | Lurk |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2014 / 2014-02-02 |
Editor/Conference | Kafeine |
Link | http://malware.dontneedcoffee.com/2014/02/cve-2013-5330-flash-in-unknown-exploit.html (Archive copy) |
Author | Kafeine |
Type | Blogpost |
Abstract
“ Trying to figure out which CVE it could be based on those version number I end up with :
CVE-2012-0779 & CVE-2012-1535 as candidates...or something newer with server side block to avoid making too much noise.
I asked for help and Timo Hirvonen from F-Secure figure out it was CVE-2013-5330. That one was patched the 2013-11-12 with the CVE-2013-5329 which appeared recently in Angler EK
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2014BFR1393, editor = {Kafeine}, author = {Kafeine}, title = {CVE-2013-5330 (Flash) in an unknown Exploit Kit fed by high rank websites}, date = {02}, month = Feb, year = {2014}, howpublished = {\url{http://malware.dontneedcoffee.com/2014/02/cve-2013-5330-flash-in-unknown-exploit.html}}, }