Analysis Adobe Flash 0day

Adobe Flash CVE-2015-3113 0-day

Adobe released in April 2015 an update to patch CVE-2015-3043 that was being exploited actively in the wild by (but not only) threat actor APT28 during the operation RussianDoll. The vulnerability was a heap overflow in the FLV audio parsing engine, in particular the culprit was a hardcoded heap buffer length of 0x2000 bytes, the attackers simply had to provide a source capable of bypassing the length check and overwrite a buffer with more than 0x2000 bytes.

Continue reading “Adobe Flash CVE-2015-3113 0-day”