Trend Micro Products and Protection
Trend Micro’s Vulnerability Response and Service Engineering teams are investigating to see what, if any, products and services may be affected and/or vulnerable. At the conclusion of this investigation we will take appropriate steps to address any issues that are identified.
If any Trend Micro product and services are affected, this Knowledge Base article will be updated to contain the most up-to-date list of products that have been tested for this vulnerability. This list will continually be updated as the investigation on additional products are completed, as well as information for any patches or solutions required if necessary.
In addition, Trend Micro has some solutions that already provide protection against this threat:
- Trend Micro Deep Security and Vulnerability Protection (formerly the IDF plug-in for OfficeScan) customers with the latest rules also have an additional layer of protection against this vulnerability. Specifically, Trend Micro has released the following rule for proactive protection:
- Deep Packet Inspection (DPI) rule 10068241 – Adobe Flash ActionScript3 ByteArray Use After Free Vulnerability (CVE-2015-5119)
- Deep Packet Inspection (DPI) rule 1006858 – Adobe Flash ActionScript3 opaqueBackground Use After Free Vulnerability (CVE-2015-5122)
- Deep Packet Inspection (DPI) rule 1006859 – Adobe Flash Player BitmapData Remote Code Execution Vulnerability (CVE-2015-5123)
- The existing Sandbox with Script Analyzer engine, which is part of Trend Micro Deep Discovery, can be used to detect this threat by its behavior without any engine or pattern updates.
- The Browser Exploit Prevention (BEP) feature in our endpoint products such as Trend Micro Security and OfficeScan blocks the exploit once the user accesses the URL it is hosted in. Browser Exploit Prevention protects against exploits that target browsers or related plugins.
References
- Hacking Team Flash Zero-Day Integrated Into Exploit Kits (Trend Micro Security Intelligence Blog)
- A Look at the Open Type Font Manager Vulnerability from the Hacking Team Leak (Trend Micro Security Intelligence Blog)
- Unpatched Flash Player Flaw, More POCs Found in Hacking Team Leak (Trend Micro Security Intelligence Blog)
- Adobe Security Advisory for Flash Player