CVE-2016-1019: The Flash Vulnerability in the Magnitude Exploit Kit

怪狗 2016-7-31 Exploit


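  Although the latest version, 21.0.0.197, also contains this vulnerability, Adobe introduced new exploit mitigations in Flash Player 21.0.0.182, so the vulnerability has little effect in this version. This is a major step in how Adobe deals with vulnerabilities.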

  Abusing the delivery chain

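  Magnitude EK has updated its delivery chain. It added a "gate" to the chain, somewhat like Angler EK, which first collects the screen dimensions and color depth.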


  The server then responds with another page, in order to avoid being detected by the user's antivirus software.
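
  A page that profiles the visitor for antivirus and analysis software, like the one described above, can be recognised in captured content by the `res://` resource URLs it references inside those products' install directories. The following is an added example, not code from the original article: the watch list, the threshold and both sample pages are constructed assumptions.

```python
import re
from urllib.parse import unquote

# res://<file>/<resource type>/<resource id>; type and id are "#<number>" or a name.
RES_URL = re.compile(
    r"res://(?P<path>[^\"'<>#]+?\.\w{2,4})/(?P<rtype>#?\w+)/(?P<rid>#?\w+)", re.I)

# Hypothetical watch list: install-directory fragment -> what a probe for it suggests.
WATCHED = {
    "fiddler2": "analysis tool",
    "vmware tools": "vm guest tools",
    "virtualbox guest additions": "vm guest tools",
    "malwarebytes": "security product",
    "kaspersky lab": "security product",
    "trend micro": "security product",
}

def parse_res_urls(text):
    """Return one dict per res:// URL found in text, with the path decoded."""
    found = []
    for m in RES_URL.finditer(text):
        path = unquote(m.group("path")).lstrip("/").replace("\\", "/")
        # Fold the 32-bit and 64-bit install roots so both count as one target.
        folded = re.sub(r"^program files( \(x86\))?/", "", path, flags=re.I)
        found.append({"target": folded.lower(),
                      "rtype": m.group("rtype"), "rid": m.group("rid")})
    return found

def profile_probes(text, threshold=2):
    """Count distinct watched targets; suspicious at >= threshold of them."""
    targets = {}
    for hit in parse_res_urls(text):
        for fragment, category in WATCHED.items():
            if fragment in hit["target"]:
                targets[hit["target"]] = category
    return {"distinct_targets": len(targets),
            "categories": sorted(set(targets.values())),
            "suspicious": len(targets) >= threshold}

# Constructed sample: page text that embeds res:// probe URLs as strings.
SAMPLE_PAGE = """<script>var checks = [
 "res:///Program%20Files%20(x86)/Fiddler2/Fiddler.exe/#3/#32512",
 "res:///Program%20Files/Fiddler2/Fiddler.exe/#3/#32512",
 "res:///Program%20Files/VMware/VMware Tools/TPAutoConnSvc.exe/#2/#26567",
 "res:///Program%20Files/Malwarebytes Anti-Exploit/mbae.exe/#2/200"];</script>"""
# Constructed benign page: a browser error-page resource and an ordinary link.
BENIGN_PAGE = '<img src="res://ieframe.dll/dnserror.htm"> <a href="/docs/readme.txt">x</a>'
```

  `profile_probes(SAMPLE_PAGE)` reports three distinct targets across three categories, because the 32-bit and 64-bit Fiddler paths fold into one; the benign page yields none.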


  Magnitude EK delivers the JSON double-free vulnerability (CVE-2015-2419) and a Flash loader.


  The Flash exploit

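  The defining feature of this vulnerability (CVE-2015-2419) is that it causes the Flash memory allocator to allocate buffers under the attacker's control. The attacker can then create a byte array of length 0xffffffff inside such a buffer and use it to read and write memory arbitrarily. In addition, while reviewing it we found that the exploit code and some of its functionality closely resemble the exploit code from the earlier HackingTeam leak; both download the malware from another server.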

  


  Appendix


Original article: http://www.77169.com/exploits/2016/20160503101613.shtm
