Security News > 2016 > May > Latest Flash 0day exploit delivered via booby-trapped Office file (Help Net Security)
2016-05-16 22:06
Four days have passed since Adobe patched the latest Flash Player 0day vulnerability exploited in attacks in the wild and, in the meantime, we have been given more details about the attacks and the exploit used. Genwei Jiang, the FireEye researcher who has been credited, along with several others, with the discovery of the flaw (CVE-2016-4117), says that the initial attacks were leveraged against targets running Windows and Microsoft Office. “Attackers had embedded the Flash … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/KPxY2_E4U00/
Related news
- APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262) (source)
- APT-C-60 Group Exploit WPS Office Flaw to Deploy SpyGlace Backdoor (source)
- Week in review: SonicWall critical firewalls flaw fixed, APT exploits WPS Office for Windows RCE (source)
- Microsoft Is Disabling Default ActiveX Controls in Office 2024 to Improve Security (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-05-11 | CVE-2016-4117 | Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016. | 9.8 |