2015-12-15 - Exploit Integration

CVE-2015-8446 (Flash up to 19.0.0.245) And Exploit Kits




One week after patch Flash 19.0.0.245 is being exploited by Angler EK via CVE-2015-8446

Angler EK :
2015-12-14
CVE identification by Anton Ivanov ( Kaspersky ) and FireEye  (Thanks !)
Angler EK exploiting Flash 19.0.0.245 via CVE-2015-8446
2015-12-14


Sample in that pass : b5920eef8a3e193e0fc492c603a30aaf
Sample from other Angler EK instance : 0615fb9e037b7bf717cc9b04708e51da 720089b93a0f2bb2a72f1166430de522



Fiddler sent to VT.
(Not replayable. You know how to contact me to land on live instances. I might not reply to mail coming from gmail,live,yahoo etc...  mailboxes)

Out of topic : in that pass Bedep BuildID 5004 is loaded in Memory and is then grabbing those 2 dll in a stream
f5c1a676166fe3472e6c993faee42b34
d65f155381d26f8ddfa304c83b1ad95a (Credential Stealer)
and after that performing Adfraud


Last safe version of Flash against commercial exploit kit  was 19.0.0.226 fixing CVE-2015-7645


Post publication readings :
(Google Translate) Angler EK latest CVE-2015-8446 Flash Exploit analysis - 2015-12-19 - Qihoo360