Vulnerability CVE-2018-4878


Published: 2018-02-06

Description:
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.

See advisories in our WLB2 database:
Topic
Author
Date
High
Adobe Flash 28.0.0.137 Remote Code Execution
SyFi
05.04.2018

Type:

CWE-416

(Use After Free)

Vendor: Adobe
Product: Flash player 
Version:
9.125.0
9.0.9.0
9.0.8.0
9.0.48.0
9.0.47.0
9.0.45.0
9.0.31.0
9.0.31
9.0.283.0
9.0.280
9.0.28.0
9.0.28
9.0.277.0
9.0.262.0
9.0.260.0
9.0.246.0
9.0.20.0
9.0.20
9.0.18d60
9.0.16
9.0.159.0
9.0.155.0
9.0.152.0
9.0.151.0
9.0.125.0
9.0.124.0
9.0.115.0
9.0.114.0
9.0.112.0
9.0
8.0.42.0
8.0.39.0
8.0.35.0
8.0.34.0
8.0.33.0
8.0.24.0
8.0.22.0
8.0
7.2
7.1.1
7.1
7.0.73.0
7.0.70.0
7.0.69.0
7.0.68.0
7.0.67.0
7.0.66.0
7.0.63
7.0.61.0
7.0.60.0
7.0.53.0
7.0.25
7.0.24.0
7.0.19.0
7.0.14.0
7.0.1
7.0
6.0.79
6.0.21.0
6
5
4
3
26.0.0.137
24.0.0.221
24.0.0.194
24.0.0.186
23.0.0.207
23.0.0.185
22.0.0.211
22.0.0.192
21.0.0.97
21.0.0.242
21.0.0.226
21.0.0.213
20.0.0.306
20.0.0.286
20.0.0.235
20.0.0.228
2
19.0.0.245
19.0.0.226
19.0.0.207
19.0.0.185
18.0.0.366
18.0.0.360
18.0.0.352
18.0.0.343
18.0.0.333
18.0.0.326
18.0.0.324
18.0.0.268
18.0.0.261
18.0.0.209
See more versions on NVD
Vendor: Redhat
Product: Enterprise linux server 
Version: 6.0;
Product: Enterprise linux desktop 
Version: 6.0;
Product: Enterprise linux workstation 
Version: 6.0;

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html
http://www.securityfocus.com/bid/102893
http://www.securitytracker.com/id/1040318
https://access.redhat.com/errata/RHSA-2018:0285
https://blog.morphisec.com/flash-exploit-cve-2018-4878-spotted-in-the-wild-massive-malspam-campaign
https://github.com/InQuest/malware-samples/tree/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day
https://github.com/vysec/CVE-2018-4878
https://helpx.adobe.com/security/products/flash-player/apsb18-03.html
https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/
https://threatpost.com/adobe-flash-player-zero-day-spotted-in-the-wild/129742/
https://www.darkreading.com/threat-intelligence/adobe-flash-vulnerability-reappears-in-malicious-word-files/d/d-id/1331139
https://www.exploit-db.com/exploits/44412/
https://www.fireeye.com/blog/threat-research/2018/02/attacks-leveraging-adobe-zero-day.html
https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets

Related CVE
CVE-2018-10884
Ansible Tower before versions 3.1.8 and 3.2.6 is vulnerable to cross-site request forgery (CSRF) in awx/api/authentication.py. An attacker could exploit this by tricking already authenticated users into visiting a malicious site and hijacking the aut...
CVE-2016-9598
libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2...
CVE-2016-9596
libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix fo...
CVE-2018-10864
An uncontrolled resource consumption flaw has been discovered in redhat-certification in the way documents are loaded. A remote attacker may provide an existing but invalid XML file which would be opened and never closed, possibly producing a Denial ...
CVE-2018-10842
It was found that an authenticated user could manipulate user session information to trigger an infinite loop in keycloak. A malicious user could use this flaw to conduct a denial of service attack against the server.
CVE-2017-15138
The OpenShift Enterprise cluster-read can access webhook tokens which would allow an attacker with sufficient privileges to view confidential webhook tokens.
CVE-2018-10931
It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context ...
CVE-2018-10915
A vulnerability was found in libpq, the default PostgreSQL client library where libpq failed to properly reset its internal state between connections. If an affected version of libpq was used with "host" or "hostaddr" connection parameters from untru...

Copyright 2018, cxsecurity.com

 

Back to Top