Description: Adobe Flash and the Iranian Nuclear Program
-----------------------------------------------------
Over the last couple of days, Metasploit's own Wei "sinn3r" Chen and community contributor Juan Vazquez put together an exploit for CVE-2012-0754, which targets a vulnerability in Adobe's Flash player: adobe_flash_mp4_cprt. This is the same vulnerability exploited by the recent "Iran's Oil and Nuclear Situation.doc" e-mail attack campaign spotted by Contagio on March 5. After getting hold of the reported malware from an anonymous contributor, sinn3r and Juan were able to determine exactly what triggers the Adobe Flash bug, and were thus able to put together a more general-purpose exploit and incorporate it into Metasploit.
Today, we have a full Internet Explorer-based exploit, operational against IE 6, 7, and 8, covering pretty much all modern and not-so-modern Windows XP and Microsoft Vista clients. In other words, this exploit provides an excellent opportunity to test out your organization's protections against fresh threats targeting a slightly out-of-date client base.
This is all significant because this Flash vulnerability has been publicly disclosed for only about three weeks, and it's unusual to see something like this show up so quickly in a live, untargeted e-mail attack campaign.
In addition, while the original exploit was strictly a Microsoft Word document-based exploit (which itself was merely a downloader for the "real" payload), the Metasploit version is a proper browser-based exploit, and its usage is about as simple as it gets (detailed below). The moral of the story is that, thanks to a working Metasploit exploit for this relatively fresh vulnerability, security researchers, AV/IPS vendors, and IT administrators alike can take a look at the vulnerability and assess whether they and their constituency are adequately protected. Hooray for open source security research!
Tags: Metasploit, adobe