Adobe Flash Player Bug Spreading Via Word Documents in Emails

Attackers are targeting a patched bug in Adobe Flash Player spread via malicious Microsoft Word documents.

The attacks are focused on CVE-2012-1535, a remote code execution vulnerability that impacts Windows, Macs and Linux systems. Adobe Systems patched the flaw Aug. 14 in a regular security update.

However, attackers are still on the lookout for unpatched computers. If exploited, the bug can be used to enable an attacker to take control of the compromised machine. According to Symantec, attackers have been targeting the flaw for the past couple of weeks using malicious Word documents.

The Word files came in emails with a variety of subjects, including some about the iPhone 5, seemingly business-related titles such as “IT Notice” and an email about the effect of the Olympic games on London’s economy.

“The Word document contains a malicious SWF file with ActionScript that utilizes heapspraying techniques using the shellcode embedded within it,” explained Symantec’s Bhaskar Krishna. In an Aug. 21 blog. An “excerpt from the SWF ActionScript indicates involvement of a font file that is used to trigger the vulnerability.

A large number of the attacks were sent out Aug. 13, the researcher noted. As of Aug. 21 Symantec had blocked some 1,300 samples. According to Adobe, the exploit targets the ActiveX version of Flash Player for Internet Explorer on Windows.

“We would recommend that users keep their systems up-to-date with the latest security patch released by Adobe for this vulnerability,” Krishna blogged.

On Aug. 21, Adobe issued a second massive patch update for Flash Player, this time addressing six bugs affecting versions 11.3.300.271 and earlier for Windows, Macintosh and Linux as well as Flash Player 11.1.115.11 and earlier versions for Android 4.x. Adobe Flash Player 11.1.111.10. Earlier versions for Android 3.x and 2.x were also impacted.

Four of the vulnerabilities are memory corruption issues, while the remaining two are an integer overflow bug and a cross-domain information leak vulnerability. According to Adobe, the updates address issues that could cause a crash and potentially allow an attacker to take control of the affected system.