CVE-2013-5330 (Flash) in an unknown Exploit Kit fed by high rank websites

From Botnets.fr
Revision as of 19:00, 7 February 2015 by Eric.freyssinet (talk | contribs) (Text replacement - " malware.dontneedcoffee.com" to "")

Botnet: Lurk
Date: 2014 / 2014-02-02
Editor/Conference: Kafeine
Link: http://malware.dontneedcoffee.com/2014/02/cve-2013-5330-flash-in-unknown-exploit.html (Archive copy)
Author: Kafeine
Type: Blogpost

Abstract

Trying to figure out which CVE it could be based on those version numbers, I ended up with:

CVE-2012-0779 & CVE-2012-1535 as candidates... or something newer with a server-side block to avoid making too much noise.

I asked for help and Timo Hirvonen from F-Secure figured out it was CVE-2013-5330. That one was patched on 2013-11-12 with CVE-2013-5329, which appeared recently in Angler EK.

Bibtex

 @misc{2014BFR1393,
   editor = {Kafeine},
   author = {Kafeine},
   title = {CVE-2013-5330 (Flash) in an unknown Exploit Kit fed by high rank websites},
   date = {02},
   month = Feb,
   year = {2014},
   howpublished = {\url{http://malware.dontneedcoffee.com/2014/02/cve-2013-5330-flash-in-unknown-exploit.html}},
 }