cve-2018-4878
Vulnerability from cvelistv5
Published
2018-02-06 20:00
Modified
2024-08-05 05:18
Severity ?
EPSS score ?
Summary
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | n/a | Adobe Flash Player before 28.0.0.161 |
Version: Adobe Flash Player before 28.0.0.161 |
|
|
|||
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog
Date added: 2021-11-03
Due date: 2022-05-03
Required action: The impacted product is end-of-life and should be disconnected if still in use.
Used in ransomware: Known
Notes: https://nvd.nist.gov/vuln/detail/CVE-2018-4878
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:18:26.723Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://threatpost.com/adobe-flash-player-zero-day-spotted-in-the-wild/129742/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html"
},
{
"name": "RHSA-2018:0285",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0285"
},
{
"name": "1040318",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1040318"
},
{
"name": "102893",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102893"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.fireeye.com/blog/threat-research/2018/02/attacks-leveraging-adobe-zero-day.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.morphisec.com/flash-exploit-cve-2018-4878-spotted-in-the-wild-massive-malspam-campaign"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.darkreading.com/threat-intelligence/adobe-flash-vulnerability-reappears-in-malicious-word-files/d/d-id/1331139"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/InQuest/malware-samples/tree/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/vysec/CVE-2018-4878"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/"
},
{
"name": "44412",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/44412/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Adobe Flash Player before 28.0.0.161",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Adobe Flash Player before 28.0.0.161"
}
]
}
],
"datePublic": "2018-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "use-after-free",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-05-03T09:57:01",
"orgId": "078d4453-3bcd-4900-85e6-15281da43538",
"shortName": "adobe"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://threatpost.com/adobe-flash-player-zero-day-spotted-in-the-wild/129742/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html"
},
{
"name": "RHSA-2018:0285",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:0285"
},
{
"name": "1040318",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1040318"
},
{
"name": "102893",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102893"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.fireeye.com/blog/threat-research/2018/02/attacks-leveraging-adobe-zero-day.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.morphisec.com/flash-exploit-cve-2018-4878-spotted-in-the-wild-massive-malspam-campaign"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.darkreading.com/threat-intelligence/adobe-flash-vulnerability-reappears-in-malicious-word-files/d/d-id/1331139"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/InQuest/malware-samples/tree/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/vysec/CVE-2018-4878"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/"
},
{
"name": "44412",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/44412/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-4878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Adobe Flash Player before 28.0.0.161",
"version": {
"version_data": [
{
"version_value": "Adobe Flash Player before 28.0.0.161"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "use-after-free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html",
"refsource": "MISC",
"url": "http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html"
},
{
"name": "https://threatpost.com/adobe-flash-player-zero-day-spotted-in-the-wild/129742/",
"refsource": "MISC",
"url": "https://threatpost.com/adobe-flash-player-zero-day-spotted-in-the-wild/129742/"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html"
},
{
"name": "RHSA-2018:0285",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0285"
},
{
"name": "1040318",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040318"
},
{
"name": "102893",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102893"
},
{
"name": "https://www.fireeye.com/blog/threat-research/2018/02/attacks-leveraging-adobe-zero-day.html",
"refsource": "MISC",
"url": "https://www.fireeye.com/blog/threat-research/2018/02/attacks-leveraging-adobe-zero-day.html"
},
{
"name": "https://blog.morphisec.com/flash-exploit-cve-2018-4878-spotted-in-the-wild-massive-malspam-campaign",
"refsource": "MISC",
"url": "https://blog.morphisec.com/flash-exploit-cve-2018-4878-spotted-in-the-wild-massive-malspam-campaign"
},
{
"name": "https://www.darkreading.com/threat-intelligence/adobe-flash-vulnerability-reappears-in-malicious-word-files/d/d-id/1331139",
"refsource": "MISC",
"url": "https://www.darkreading.com/threat-intelligence/adobe-flash-vulnerability-reappears-in-malicious-word-files/d/d-id/1331139"
},
{
"name": "https://github.com/InQuest/malware-samples/tree/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day",
"refsource": "MISC",
"url": "https://github.com/InQuest/malware-samples/tree/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day"
},
{
"name": "https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets",
"refsource": "MISC",
"url": "https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets"
},
{
"name": "https://github.com/vysec/CVE-2018-4878",
"refsource": "MISC",
"url": "https://github.com/vysec/CVE-2018-4878"
},
{
"name": "https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/",
"refsource": "MISC",
"url": "https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/"
},
{
"name": "44412",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44412/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
"assignerShortName": "adobe",
"cveId": "CVE-2018-4878",
"datePublished": "2018-02-06T20:00:00",
"dateReserved": "2018-01-03T00:00:00",
"dateUpdated": "2024-08-05T05:18:26.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2018-4878",
"cwes": "[\"CWE-416\"]",
"dateAdded": "2021-11-03",
"dueDate": "2022-05-03",
"knownRansomwareCampaignUse": "Known",
"notes": "https://nvd.nist.gov/vuln/detail/CVE-2018-4878",
"product": "Flash Player",
"requiredAction": "The impacted product is end-of-life and should be disconnected if still in use.",
"shortDescription": "Adobe Flash Player contains a use-after-free vulnerability that could allow for code execution.",
"vendorProject": "Adobe",
"vulnerabilityName": "Adobe Flash Player Use-After-Free Vulnerability"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-4878\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2018-02-06T21:29:00.347\",\"lastModified\":\"2024-11-21T04:07:37.703\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto una vulnerabilidad de uso de memoria previamente liberada en Adobe Flash Player, en versiones anteriores a la 28.0.0.161. Esta vulnerabilidad ocurre debido a un puntero pendiente en el SDK Primetime relacionado con la gesti\u00f3n de objetos listener del media player. Un ataque con \u00e9xito podr\u00eda permitir la ejecuci\u00f3n arbitraria de c\u00f3digo. Esto fue explotado \\\"in the wild\\\" en enero y febrero de 2018.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2021-11-03\",\"cisaActionDue\":\"2022-05-03\",\"cisaRequiredAction\":\"The impacted product is end-of-life and should be disconnected if still in use.\",\"cisaVulnerabilityName\":\"Adobe Flash Player Use-After-Free Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"28.0.0.161\",\"matchCriteriaId\":\"BB5FEF26-84B9-4C1D-99AC-9E2E52A92390\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*\",\"versionEndExcluding\":\"28.0.0.161\",\"matchCriteriaId\":\"EAAD5B21-204E-4215-8892-CF0A78015FF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_11:*:*\",\"versionEndExcluding\":\"28.0.0.161\",\"matchCriteriaId\":\"C28AD3D1-3392-419D-8C5C-182EC92A5DCA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBC814B4-7DEC-4EFC-ABFF-08FFD9FD16AA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*\",\"versionEndExcluding\":\"28.0.0.161\",\"matchCriteriaId\":\"B5D4890F-79A6-4187-9556-7127678E0E19\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/102893\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securitytracker.com/id/1040318\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0285\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.morphisec.com/flash-exploit-cve-2018-4878-spotted-in-the-wild-massive-malspam-campaign\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/InQuest/malware-samples/tree/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/vysec/CVE-2018-4878\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://helpx.adobe.com/security/products/flash-player/apsb18-03.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://threatpost.com/adobe-flash-player-zero-day-spotted-in-the-wild/129742/\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.darkreading.com/threat-intelligence/adobe-flash-vulnerability-reappears-in-malicious-word-files/d/d-id/1331139\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/44412/\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.fireeye.com/blog/threat-research/2018/02/attacks-leveraging-adobe-zero-day.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/102893\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.securitytracker.com/id/1040318\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0285\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://blog.morphisec.com/flash-exploit-cve-2018-4878-spotted-in-the-wild-massive-malspam-campaign\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/InQuest/malware-samples/tree/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/vysec/CVE-2018-4878\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://helpx.adobe.com/security/products/flash-player/apsb18-03.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://threatpost.com/adobe-flash-player-zero-day-spotted-in-the-wild/129742/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.darkreading.com/threat-intelligence/adobe-flash-vulnerability-reappears-in-malicious-word-files/d/d-id/1331139\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Press/Media Coverage\",\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/44412/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.fireeye.com/blog/threat-research/2018/02/attacks-leveraging-adobe-zero-day.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Technical Description\",\"Third Party Advisory\"]}]}}"
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.