Thursday 25 September 11:00 - 11:30, Red room.
Chun Feng Microsoft
Elia Florio Microsoft
According to Adobe, 'Adobe Flash Player is one of the most popular browser-based applications on the Internet', and it 'reaches over 1.3 billion people across browsers and OS versions with no install'. Hence, Adobe Flash Player vulnerabilities have become a major target for attackers who want to deliver attacks from web pages.
Since early 2014, we have seen new exploits that target two vulnerabilities (CVE-2013-5330 and CVE-2014-0497) in a new feature of Adobe Flash Player: the domain memory opcodes (also known as Alchemy opcodes).
This paper analyses the technical details of exploits using CVE-2013-5330 and CVE-2014-0497. It unveils some interesting tricks used by these exploits to make the attacks more reliable and stealthy, such as the use of a JIT spray technique to improve the gadgets obtained from a memory leak. The malware components distributed by these exploits, namely Win32/Lurk and Win32/Siromost, will also be discussed.
Fortunately, these - and other - exploits can be mitigated successfully with Microsoft's Enhanced Mitigation Experience Toolkit (EMET), even before the vendor has released a patch. This presentation will also cover how EMET can be used to mitigate these exploits.
Chun Feng was born in China in 1977. He graduated from Southeast University, China with a Master's degree in computer engineering. He joined Microsoft Australia as a virus analyst in early 2008, having previously worked for Computer Associates for about 2 years in the same capacity. His research interest focuses on malware originating from China. In his spare time, he plays around with magic tricks and enjoys photography.
Elia Florio is a senior security engineer at the Microsoft Security Response Center (MSRC), where he works on protecting customers from exploits and contributes to securing millions of computers every Tuesday. Prior to joining Microsoft, he worked as an officer for a national data protection regulator in Europe and as a supervisor at Symantec Security Response, leading a team responsible for malware analysis and threat research.