Latest Flash Zero-Day Abuses Windows DDE Protocol

June 19, 2016

This week, Adobe patched a zero-day vulnerability (CVE-2016-4171) used in targeted cyber-espionage attacks, which, according to Russian security vendor Kaspersky Lab, abused the Windows DDE protocol to deliver malware.

News of the zero-day broke on Tuesday, and two days later, Adobe released Flash Player version to fix the zero-day and 35 other security bugs.

ScarCruft APT currently conducting two cyber-espionage campaigns

Security firm Kaspersky Lab discovered the zero-day, and in its initial report, the company said the vulnerability was part of the arsenal of a cyber-espionage group it codenamed ScarCruft.

The group had carried out multiple cyber-attacks, which the company was tracking as Operation Erebus and Operation Daybreak.

The zero-day was part of the more recent Operation Daybreak campaign, during which Kaspersky says the group also employed two other Adobe exploits (CVE-2016-4117 and CVE-2016-0147) and an Internet Explorer exploit. For Operation Erebus, Kaspersky claimed the group used only CVE-2016-4117, which was served through watering hole attacks.
