Home > Cyber News > Top 3 Vulnerabilities Used in 2016 Exploit Kit Attacks

Top 3 Vulnerabilities Used in 2016 Exploit Kit Attacks


A new research conducted by Digital Shadows reveals that 76 vulnerabilities are being exploited in exploit kit attacks. 27 of them are found in Flash. Despite the popularity of Flash flaws, an IE bug prevails in most attack scenarios and has proven to be attackers’ favorite means of exploit. Some of the flaws date back to 2013.

In the past, plenty of exploit kits were detected in the wild. In 2016, only a few of them are still seen as part of active malicious campaigns. The list of active EKs seen throughout 2016 includes Angler, Nuclear (both declared dead in April and June), Magnitude, RIG, Sundown, and Hunter. All the EKs are based on different flaws, in most cases public and patched. The choice of vulnerabilities to incorporate mostly depends on the skills of the malicious actor.

Related: Nuclear EK Is Dead, Long Live the Exploit Kit!

In addition to Flash and IE, Java is also quite famous in terms of exploitable vulnerabilities employed in EK-based attacks. Other exploited technologies are Mozilla Firefox, Adobe Reader, and Microsoft Silverlight.

So, Which Are the Most Popular Vulnerabilities Used in Exploit Kit Attack Scenarios?

First Place: CVE-2013-2551 – the IE Bug Mostly Favored by Attackers

CVE-2013-2551 Official Description

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka “Internet Explorer Use After Free Vulnerability,” a different vulnerability than CVE-2013-1308 and CVE-2013-1309.

As you can see, the bug is affecting IE6 to IE10 and causes remote code execution. Such an attack was demonstrated back in 2013 during the Pwn2Own completion at CanSecWest.

Second Place: CVE-2014-0515 – the Most Popular Bug in Flash Deployed by EK Operators

CVE-2014-0515 Official Description

Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x through 13.0.x before on Windows and OS X, and before on Linux, allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in April 2014.

Third Place: Split between CVE-2013-2465 in Java and CVE-2014-0569 in Flash

CVE-2013-2465 and CVE-2014-0569 Official Descriptions

CVE-2013-2465 is an unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7. The flaw allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, as explained by MITRE researchers.

CVE-2014-0569, on the other hand, is an:

Integer overflow in Adobe Flash Player before and 14.x and 15.x before on Windows and OS X and before on Linux, Adobe AIR before, Adobe AIR SDK before, and Adobe AIR SDK & Compiler before allows attackers to execute arbitrary code via unspecified vectors.

Exploit Kit Developers Are Evolving Together with the Malware Market

Digital Shadow researchers have concluded that the exploit kit market is quickly changing and adapting itself to the needs of malware operators and to the changes in software. As a result, many EKs are dropping support for older exploits and embracing newer flaws, mostly disclosed after 2015.

Furthermore, “while CVE-2013-2551 [the IE bug described above] was the most shared of all the known vulnerabilities exploited, it is not known if this remains viable or present within exploit kits active at the time of writing,” the report concludes.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree