Blog

Pradeep Kulkarni
CVE-2018-4878 – Adobe Flash Player use after free (Zero Day) vulnerability Alert!
February 3, 2018

0
Estimated reading time: 1 minute

The recent zero-day vulnerability CVE-2018-4878 in Adobe Flash Player enables attackers to perform a Remote Code Execution on targeted machines. Adobe has released a security advisory APSA18-01 on February 2, 2018 to address this issue. According to Adobe, the in-wild attack is targeted and it impacts limited Windows users.

Vulnerable versions

  • Adobe Flash Player 28.0.0.137 and prior versions

About the vulnerability

This is a use-after-free vulnerability in Adobe Flash player which allows attackers to perform a Remote Code Execution on targeted machines. After successful exploitation, attackers can take control of the vulnerable systems and download and execute malware on them.

Reportedly, the vulnerability is currently being exploited in the wild through a malicious Office document. This office document is an initial attack vector with embedded malicious Flash file. According to the advisory, the malicious office document was distributed through email.

Quick Heal detection

Quick Heal has released the following detection for the vulnerability CVE-2018-4878:

  • Exp.SWF.CVE-2018-4878
  • Exp.OLE.CVE-2018-4878

Quick Heal Security Labs is actively looking for new in-wild exploits for this vulnerability and ensuring coverage for them.

 

Subject Matter Experts

Pradeep Kulkarni, Sameer Patil | Quick Heal Security Labs

Have something to add to this story? Share it in the comments.

Pradeep Kulkarni
About Pradeep Kulkarni
Pradeep Kulkarni is leading the IPS team in Quick Heal Technologies Limited. Having worked in the IT security industry for over 11 years, he has worked on various...
Articles by Pradeep Kulkarni »

No Comments, Be The First!

Your email address will not be published.

CAPTCHA Image