| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2015-3043 | Adobe Flash Player Memory Corruption Vulnerability | primary_impact | T1499.004 | Application or System Exploitation |
Comments
This vulnerability is exploited by a maliciously-crafted .swf file which can be run on a user system.
References
|
| CVE-2015-3043 | Adobe Flash Player Memory Corruption Vulnerability | exploitation_technique | T1204.002 | Malicious File |
Comments
This vulnerability is exploited by a maliciously-crafted .swf file which can be run on a user system.
References
|
| CVE-2017-11882 | Microsoft Office Memory Corruption Vulnerability | primary_impact | T1059 | Command and Scripting Interpreter |
Comments
CVE-2020-0688 exists in Microsoft Office, which is prone to a memory corruption vulnerability allowing an attacker to run arbitrary code if unpatched, in the context of the current user, by failing to properly handle objects in memory. Cyber actors continued to exploit this vulnerability in Microsoft Office. The vulnerability is ideal for phasing campaigns, and it enables RCE on vulnerable systems.
References
|
| CVE-2017-11882 | Microsoft Office Memory Corruption Vulnerability | exploitation_technique | T1566.001 | Spearphishing Attachment |
Comments
CVE-2020-0688 exists in Microsoft Office, which is prone to a memory corruption vulnerability allowing an attacker to run arbitrary code if unpatched, in the context of the current user, by failing to properly handle objects in memory. Cyber actors continued to exploit this vulnerability in Microsoft Office. The vulnerability is ideal for phishing campaigns, and it enables RCE on vulnerable systems.
References
|
| CVE-2013-0640 | Adobe Reader and Acrobat Memory Corruption Vulnerability | exploitation_technique | T1566.001 | Spearphishing Attachment |
Comments
This vulnerability is exploited via a maliciously-crafted pdf delivered as an email attachment.
References
|
| CVE-2013-3346 | Adobe Reader and Acrobat Memory Corruption Vulnerability | exploitation_technique | T1059.007 | JavaScript |
Comments
This vulnerability is exploited via maliciously-crafted javascript.
References
|
| CVE-2010-1297 | Adobe Flash Player Memory Corruption Vulnerability | primary_impact | T1105 | Ingress Tool Transfer |
Comments
This vulnerability is exploited by crafted swf content via drive-by compromise when a user visits a malicious website.
This vulnerability is also exploited via user execution of a maliciously crafted pdf file.
In the wild, threat actors have used this to download malicious software onto the target system.
References
|
| CVE-2010-1297 | Adobe Flash Player Memory Corruption Vulnerability | exploitation_technique | T1204.002 | Malicious File |
Comments
This vulnerability is exploited by crafted swf content via drive-by compromise when a user visits a malicious website.
This vulnerability is also exploited via user execution of a maliciously crafted pdf file.
In the wild, threat actors have used this to download malicious software onto the target system.
References
|
| CVE-2010-1297 | Adobe Flash Player Memory Corruption Vulnerability | exploitation_technique | T1189 | Drive-by Compromise |
Comments
This vulnerability is exploited by crafted swf content via drive-by compromise when a user visits a malicious website.
This vulnerability is also exploited via user execution of a maliciously crafted pdf file.
In the wild, threat actors have used this to download malicious software onto the target system.
References
|
| CVE-2012-2034 | Adobe Flash Player Memory Corruption Vulnerability | exploitation_technique | T1189 | Drive-by Compromise |
Comments
This vulnerability is exploited by a maliciously-crafted .swf via drive-by compromise.
References
|
| CVE-2015-3043 | Adobe Flash Player Memory Corruption Vulnerability | exploitation_technique | T1189 | Drive-by Compromise |
Comments
This vulnerability is exploited by a maliciously-crafted .swf file which can be run on a user system via drive-by compromise.
References
|
| CVE-2012-0754 | Adobe Flash Player Memory Corruption Vulnerability | exploitation_technique | T1204.002 | Malicious File |
Comments
This vulnerability is exploited via a maliciously-crafted MP4 file. As a result of the exploit, malicious software is installed on the target machine.
References
|
| CVE-2012-0754 | Adobe Flash Player Memory Corruption Vulnerability | primary_impact | T1105 | Ingress Tool Transfer |
Comments
This vulnerability is exploited via a maliciously-crafted MP4 file. As a result of the exploit, malicious software is installed on the target machine.
References
|