Home / malware

PDF

Exploit:SWF/CVE-2015-0336

First posted on 13 July 2019.
Source: Microsoft

Aliases :

There are no other names known for Exploit:SWF/CVE-2015-0336.

Explanation :

This threat tries to exploit a vulnerability in ActionScript Virtual Machine. If you visit a compromised or hacked webpage and you have a vulnerable version of Flash, you might get malware on your PC.

Additional information

Adobe released an update to address this vulnerability on March 12, 2015.

The problem lies in NetConnection object handling. The vulnerability is a type-confusion issue where a piece of code responsible for handling NetConnection objects doesn't verify passed objects. The object is expressed in a memory layout at the native code level, and the wrong object means the hacker can run malicious code remotely.

You can read more about this vulnerability and download software updates from these links:

CVE-2015-0336 Adobe Security Bulletin APSB15-05

Analysis by Jeong Wook (Matt) Oh

Last update 13 July 2019

 

TOP