← voltar
CVE-2018-4878

CVE-2018-4878

CVSS 7.8 HIGHEPSS 89.6%● KEVCWE-416
Em resumo

O Adobe Flash Player tinha um erro de memória que tentava usar dados já deletados, permitindo que atacantes executassem código malicioso no seu computador. Essa falha foi explorada ativamente por hackers no início de 2018.

Detalhe técnico

Uma vulnerabilidade de use-after-free no componente media player do Primetime SDK do Adobe Flash Player permite execução remota de código através de um ponteiro solto no tratamento de objetos listener. O vetor de ataque é tipicamente através de conteúdo de mídia malicioso, e a exploração bem-sucedida requer que a vítima interaja com conteúdo preparado em um contexto Flash vulnerável.

Resumo gerado e traduzido por IA a partir da descrição oficial.
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Produtos afetados
n/a · Adobe Flash Player before 28.0.0.161
PoCs públicas encontradas15
githubgithub.com/vysecurity/CVE-2018-487886githubgithub.com/mdsecactivebreach/CVE-2018-487823githubgithub.com/SyFi/CVE-2018-48787githubgithub.com/B0fH/CVE-2018-48782githubgithub.com/ydl555/CVE-2018-4878-1githubgithub.com/HuanWoWeiLan/SoftwareSystemSecurity-20191githubgithub.com/KathodeN/CVE-2018-48780githubgithub.com/demonsec666/CVE-2018-48780githubgithub.com/lvyoshino/CVE-2018-48780githubgithub.com/ydl555/CVE-2018-48780githubgithub.com/Yable/CVE-2018-48780exploitdbwww.exploit-db.com/exploits/44745não verificadoexploitdbwww.exploit-db.com/exploits/44412não verificadoexploitdbwww.exploit-db.com/exploits/44744não verificadocve_referencewww.exploit-db.com/exploits/44412/não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://blog.talosintelligence.com/2018/02/group-123-goes-wild.htmlhttps://access.redhat.com/errata/RHSA-2018:0285https://blog.morphisec.com/flash-exploit-cve-2018-4878-spotted-in-the-wild-massive-malspam-campaignhttps://github.com/cisagov/vulnrichment/issues/196https://github.com/InQuest/malware-samples/tree/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0dayhttps://github.com/vysec/CVE-2018-4878https://helpx.adobe.com/security/products/flash-player/apsb18-03.htmlhttps://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/https://threatpost.com/adobe-flash-player-zero-day-spotted-in-the-wild/129742/https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-4878https://www.darkreading.com/threat-intelligence/adobe-flash-vulnerability-reappears-in-malicious-word-files/d/d-id/1331139https://www.exploit-db.com/exploits/44412/