Exploits

Adobe Flash Exploits

The figure below shows the prevalence of different Adobe Flash exploits by quarter.

Adobe Flash exploits detected and blocked by Microsoft antimalware products, 3Q10–2Q11

Adobe Flash exploits detected and blocked by Microsoft antimalware products, 3Q10–2Q11

Click on the Image to Enlarge

  • Exploitation of Adobe Flash Player increased dramatically in 2Q11 with the disclosure of two new vulnerabilities, CVE-2011-0611 and CVE-2011-2110.
  • CVE-2011-0611 was discovered in April 2011 when it was observed being exploited in the wild, typically in the form of malicious .zip files attached to spam email messages purporting to contain information about the Fukushima Daiichi nuclear disaster in Japan. Adobe Systems released Security Bulletin APSB-07 on April 15, 2011 to address the issue. On the same day the security update was released, attacks targeting the vulnerability skyrocketed and remained high for several days, focusing on computers in Korea. About a month later, a second uptick in attacks was observed, affecting multiple locations.
  • CVE-2011-2110 was discovered in May 2011, and Adobe released Security Bulletin APSB11-18 on June 15 addressing the issue. As with CVE-2011-0611, attacks targeting the vulnerability spiked just after the security update was released, and predominantly targeted computers in Korea.
  • For more information about these two vulnerabilities, see the following posts on the MMPC blog (blogs.technet.com/mmpc):

Top of page Top of Page

SIR

Locations

United States Change All Microsoft Sites

Search

Feedback:

Was the information in this article helpful?