CVE-2012-1535 Adobe Flash Player Integer Overflow Vulnerability Analysis by Brian Mariani & Frédéric Bourla

Brian Mariani and Frédéric Bourla from High-Tech Bridge SA – www.htbridge.com sent their excellent deep analysis of  CVE-2012-1535 vulnerability in Adobe Flash Player. The Word documents with Flash that exploited that vulnerability appeared in August but did not become as popular as RTF CVE-2012-0158, which remains to be the most widely used exploit for targeted email attachments. 

The reason for it is that integer overflows are difficult to exploit in general and CVE-2012-1535 is less reliable than other exploits prevalent today. This does not mean it is not in use and I will post several recent samples with this exploit in the next article.
The full analysis is posted below, plus you can download it in PDF format.

Blackhole 2 exploit kit (partial pack) and ZeroAccess (user-mode memory resident version)

 This post is an addtion to the DeepEnd Research post Blackhole & Cridex: Season 2 Episode 1: Intuit Spam & SSL traffic analysis by Andre DiMino about the Blackhole 2 exploit pack and Cridex trojan alliance.

Here is for download a partial Blackhole 2 exploit pack. This pack has been shared with me a few times over the past couple of weeks as researchers discovered an blackhole server with open directories. While it is missing a few crucial files, it is still provides insight into the pack components, exploits, and structure.

The list of files in the pack are listed below. 16 files are zero in size (not on purpose, that's all I have) and are there just for your information. The zero size files are listed in the separate list below (in addition to being in the main list). The files and data directories contain the exploits ( cve-2012-1723, cve-2012-0507, cve-2010-1885, cve-2012-4681, cve-2010-0188) and the payload (ZeroAccess  among other malware, which is memory resident rootkit (thus no 'dropped', created files for ZeroAccess in the package, only the original dropper and all kinds of files genereated by the clickfraud component. Use Volatility or Redline/Memorize for analysis)
This captcha component of this pack was reviewed by
Behind the Captcha or Inside Blackhole Exploit Kit 2.0 - Exploit Kit Administration Panel (Malware Don't Need Coffee).

 Malware Must Die analysts have been tracking Blackhole 2 as well