HomeWinBuzzer NewsZero-Day Flash Player Flaw Used to Target Excel Users on Windows

Zero-Day Flash Player Flaw Used to Target Excel Users on Windows

A Zero-day Flash Player exploit is being executed via hidden code in Excel documents, allowing attackers to install a backdoor and control the victim's PC. It's thought to be an APT directed at Qatar.


Another day, another Adobe Flash Player flaw. The once-popular web-browser plugin has been used countless times to attack users, but this time the exploit is a little different.

Discovered by Qihoo 360 Core Security, it makes use of Excel documents to deliver trojans and backdoors. This method reduces the chance of detection by anti-viruses and doesn't require flash enabled in the browser.

To do so, the Excel file calls the flash exploit from a remote server, allowing them to serve it to victims depending on IP address, cloud provider, or security product. A SWF file is then downloaded by a domain created by the attacker, which requests encrypted data and decryption keys used to conceal the exploit.

From there, it can trigger the exploit and download malicious shell code. According to Iceberg, this usually consists of a backdoor and other tools to control the user's machine. It's a sophisticated attack that's very difficult to detect, and users should update their flash player immediately to avoid it.

Fix Already Live

Patch CVE-2018-5002 gives users a prompt about potential security risk before loading remote content, mitigating much of the risk. It addresses three additional flaws, so it's well-worth getting up to date.

As for the origins of the attacks, neither Qihoo or Iceberg attribute it to a particular country. However,  Qihoo notes that “All clues show this is a typical APT attack,” and Qatar is the suspected target.

For the unfamiliar, APT stands for advanced persistent threat. They are highly stealthy and sophisticated and often run for a long period of time. As a result, they often require a huge amount of resources that are persistent with a nation-state.

You can read more about the exploit on the Iceberg and Qihoo blogs.

SourceQihoo 360
Ryan Maskell
Ryan Maskellhttps://ryanmaskell.co.uk
Ryan has had a passion for gaming and technology since early childhood. Fusing the skills from his Creative Writing and Publishing degree with profound technical knowledge, he enjoys covering news about Microsoft. As an avid writer, he is also working on his debut novel.

Recent News