{"vulnerability": "cve-2018-4878", "sightings": [{"uuid": "e7fdbf92-959d-4bcd-8373-6ae6e3f5dff3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "MISP/5dc5795d-5c90-4be7-9f05-548b73e10023", "content": "", "creation_timestamp": "2019-11-08T14:20:28.000000Z"}, {"uuid": "e41a8783-9b8e-44f4-b9ea-dae40ab6dcd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "MISP/5a75681b-7324-4aa1-b19c-5d78ac130003", "content": "", "creation_timestamp": "2018-02-05T10:35:24.000000Z"}, {"uuid": "ce10cb9d-6b0c-4dae-a6b2-e94f13634030", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "MISP/5aa1193f-9a38-4802-8751-16c40a950b0c", "content": "", "creation_timestamp": "2018-03-08T11:36:09.000000Z"}, {"uuid": "d014e404-a88c-490d-941c-a9ca8bb7dbfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "MISP/5aa80811-a4a8-45b0-bed0-4118c0a8ab16", "content": "", "creation_timestamp": "2018-03-13T17:23:31.000000Z"}, {"uuid": "953ff9d3-2f99-44ff-8bcb-f7b94eed8224", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "MISP/5aa98d8a-3cac-42f0-b224-45d09f590eb0", "content": "", "creation_timestamp": "2018-03-14T21:04:26.000000Z"}, {"uuid": "a07298da-9e93-40c4-b9b2-40ec733d33f4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": 
"MISP/5aba062a-8118-4885-afe0-469402de0b81", "content": "", "creation_timestamp": "2018-03-27T09:03:25.000000Z"}, {"uuid": "1662d46e-136f-4ff7-ad5c-a74db2c8b281", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "MISP/5b727ea2-9624-4120-8e30-666dac12042b", "content": "", "creation_timestamp": "2018-08-14T07:06:49.000000Z"}, {"uuid": "11c1cc02-ebe8-4661-92f4-d57d3ae12458", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "MISP/5b8cfdbc-e684-4d62-95b4-3c5002de0b81", "content": "", "creation_timestamp": "2018-09-03T09:26:25.000000Z"}, {"uuid": "462f6396-3d7a-4d71-9235-157ea94dd448", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "MISP/5b92428b-23b8-4a0e-8b3b-2849ac100a5a", "content": "", "creation_timestamp": "2018-09-07T09:30:12.000000Z"}, {"uuid": "51c306f9-3df2-43cd-85c4-82e0ca10c379", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "MISP/5dc53d64-eef8-4ee2-bb5c-4b240a3b4631", "content": "", "creation_timestamp": "2019-11-08T10:03:52.000000Z"}, {"uuid": "5034d9b2-aec1-4afd-9cfc-0869b67beeaf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "MISP/5da031ad-19e8-48b7-a73f-2ccc0a3b4631", "content": "", "creation_timestamp": "2019-10-11T07:41:10.000000Z"}, {"uuid": "bcfc8a23-9580-4ada-ac61-3c9415a41de8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422", "content": "", "creation_timestamp": "2021-11-08T08:58:16.000000Z"}, {"uuid": "4fe84cc4-b78c-453c-a36b-035424bb3697", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2021-11-20T09:53:52.000000Z"}, {"uuid": "b35a7112-4f84-4f15-8128-8d13e656376b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "MISP/25c984dc-dd52-4acc-bc56-5f635160d4b2", "content": "", "creation_timestamp": "2020-10-09T14:41:57.000000Z"}, {"uuid": "ef11f650-8e41-48e7-b21b-74bd0539d57b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "MISP/dec58de8-6301-4e10-a4a6-e8a5f9ce5203", "content": "", "creation_timestamp": "2020-10-09T14:19:37.000000Z"}, {"uuid": "4aa0ee5f-3978-4bd8-bb02-100bb85f5120", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "MISP/e644af01-4844-46c7-9b67-09acd590b421", "content": "", "creation_timestamp": "2020-10-09T15:27:29.000000Z"}, {"uuid": "9433090b-9909-4596-9648-43f8a133cf73", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "MISP/373b418c-0ff6-4bc9-ac2b-c3bbfeb7f155", "content": "", "creation_timestamp": "2020-10-09T16:03:15.000000Z"}, {"uuid": "64f9a663-d990-4a6f-8312-0d22a9e131b2", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "MISP/37eaa589-7c2e-4382-839f-c4e33c5645e7", "content": "", "creation_timestamp": "2020-10-09T16:17:11.000000Z"}, {"uuid": "ebf32473-d267-4403-906f-7d673b3ece8a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "MISP/fd01078e-98cd-414e-9287-0ae7b262dcc0", "content": "", "creation_timestamp": "2020-10-09T16:26:25.000000Z"}, {"uuid": "f9a8bc4d-e8a1-43b9-aece-1caec0f6d42b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "MISP/ca74ff54-cd4a-424f-acec-18306fb2f567", "content": "", "creation_timestamp": "2020-10-09T14:26:35.000000Z"}, {"uuid": "6dd4d744-1f44-45d6-9f4a-277b32c4cd3d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "MISP/712562c0-3dc7-48e4-b256-6b5bae994e0f", "content": "", "creation_timestamp": "2020-10-09T16:14:33.000000Z"}, {"uuid": "f7cc1fc3-2e9c-428b-9057-f256e99ad6e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "MISP/0ae81f7f-ff99-4f98-8b94-2834b8f7c7e1", "content": "", "creation_timestamp": "2020-10-09T14:33:58.000000Z"}, {"uuid": "0a97b301-eb23-4743-8cee-d30abf7f834d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "MISP/875dbc76-9a9c-462d-a103-2f3a09499a11", "content": "", "creation_timestamp": 
"2020-10-09T16:18:45.000000Z"}, {"uuid": "c6a4ed9e-05af-42e0-91e8-7cb6ad250cdd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "MISP/b1e01117-3a22-4c97-b6a2-d7c57caab7ce", "content": "", "creation_timestamp": "2020-10-09T16:30:19.000000Z"}, {"uuid": "0d080104-5c94-4502-9c12-0050767c4af4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "MISP/ffb810ae-f457-4c06-b792-251102f2decb", "content": "", "creation_timestamp": "2020-10-09T16:28:31.000000Z"}, {"uuid": "3f47032c-c810-49e7-b97a-a0bf8d5bf9ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "MISP/e965095d-fcbc-403a-a6e8-8628ca355440", "content": "", "creation_timestamp": "2020-10-09T16:13:08.000000Z"}, {"uuid": "11154937-0e8e-49d7-bc9e-ec5fc510322d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "MISP/3c5c6bf8-4c3d-48de-8eb3-49f0d290a01a", "content": "", "creation_timestamp": "2020-10-09T16:26:28.000000Z"}, {"uuid": "41b134c9-59a0-47c0-8d3a-3e350738983d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971163", "content": "", "creation_timestamp": "2024-12-24T20:25:12.224089Z"}, {"uuid": "e672acc9-a923-4b5f-b3dc-eed5f9b0aa0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": 
"MISP/5da031ad-19e8-48b7-a73f-2ccc0a3b4631", "content": "", "creation_timestamp": "2025-04-12T02:38:52.000000Z"}, {"uuid": "370b8d76-cc0f-4e9c-9254-5fb3603b24f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:09:40.000000Z"}, {"uuid": "0458b8ff-5c66-425c-8ce7-fbfafff6b464", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "MISP/d17bd6ef-d68b-317b-ac33-cdbc44c5fc57", "content": "", "creation_timestamp": "2025-08-31T03:12:45.000000Z"}, {"uuid": "c9f274ac-7918-4ff6-a65c-99b469f36b57", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:01:03.000000Z"}, {"uuid": "2d38af6f-6d05-49c5-97cf-2c8860b2fa47", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "https://t.me/is_n3ws/34", "content": "\u200c\u041a\u043e\u043c\u0430\u043d\u0434\u0430 Recorded Future \u043f\u0440\u043e\u0448\u0435\u0440\u0441\u0442\u0438\u043b\u0430 \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u0438, \u0434\u0430\u0440\u043a\u0432\u0435\u0431 \u0438 \u0441\u043e\u0441\u0442\u0430\u0432\u0438\u043b\u0430 \u0441\u043f\u0438\u0441\u043e\u043a \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0447\u0430\u0441\u0442\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 
\u043f\u043e \u0433\u043e\u0434\u0430\u043c.\u00a0\n\n\n\u200b\u200bCVE-2018-15982\nis a use-after-free in the Flash\u2019s file package com.adobe.tvsdk.mediacore.metadata that can be exploited to deliver and execute malicious code on a victim\u2019s computer. Exploit vector: rtf document with flash object.\n\nCVE-2018-8174\nWindows VBScript Engine Remote Code Execution Vulnerability. Exploit vector:\u00a0 An attacker could embed an ActiveX control marked \"safe for initialization\" in an application or Microsoft Office document.\n\nCVE-2017-11882\nVulnerability in an older version of the Office Equation Editor. Exploit vector: RTF file downloads and runs multiple scripts of different types (VBScript, PowerShell, PHP, others) to download the payload.\n\nCVE-2018-4878\nFlash Player vulnerability. Exploit vector: The Excel file carrying an embedded SWF file with the exploit.\n\nCVE-2019-0752\nA remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. Exploit vector: In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked \"safe for initialization\" in an application or Microsoft Office document that hosts the IE rendering engine.\n\nCVE-2017-0199\nMS Office zero-day vulnerability. 
Exploit vector: Microsoft Word RTF (Rich Text Format) document.\n\nCVE-2015-2419\nJScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"JScript9 Memory Corruption Vulnerability.\"\n\nCVE-2018-20250\nWinRAR vulnerability that allows attackers to extract a malicious executable to one of the Windows Startup folder to be executed every time the system is booted.\n\nCVE-2017-8750\nA remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory.\u00a0 Exploit vector: An attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft browsers.\n\nCVE-2012-0158\nA buffer overflow vulnerability in the\u00a0 ListView / TreeView ActiveX controls in the MSCOMCTL.OCX library. The malicious code can be triggered by a specially crafted DOC or RTF file for MS Office versions 2003, 2007 and 2010.\n\nhttps://www.helpnetsecurity.com/2020/02/06/most-exploited-vulnerabilities-2019/", "creation_timestamp": "2020-02-07T07:05:41.000000Z"}, {"uuid": "8f84199d-fcd3-4941-b7c9-606517643314", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=266", "content": "", "creation_timestamp": "2018-02-07T04:00:00.000000Z"}, {"uuid": "2ca4d2aa-b9cb-4439-8fd5-3e19f8a55fdb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2018-4878", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/6927f314-64d5-4b34-921a-a8411ce66416", "content": "", "creation_timestamp": "2026-02-02T12:28:34.265104Z"}, {"uuid": "c4de3e02-55b5-4174-b646-c5234393de23", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "exploited", "source": "https://t.me/antichat/842", "content": "Adobe Flash \u0441\u043b\u0430\u0432\u0443 \u043f\u043e\u043b\u0443\u0447\u0438\u043b \u043a\u0430\u043a \u043f\u043b\u0430\u0433\u0438\u043d \u043d\u0435\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u044b\u0439, \u0433\u0443\u0441\u0442\u043e \u0441\u043d\u0430\u0431\u0436\u0435\u043d\u043d\u044b\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044f\u043c\u0438 \u0438 \u043a \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044e \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u043c\u044b\u0439. \u0412\u043e\u0442 \u0438 \u043d\u043e\u0432\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043d\u0435\u043c \u043d\u0430\u0439\u0434\u0435\u043d\u0430 - CVE-2018-4878, \u0438 \u0445\u0430\u043a\u0435\u0440\u0430\u043c\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u0432 wild. 
\u0415\u0436\u0435\u043b\u0438 \u043f\u043b\u0430\u0433\u0438\u043d\u043e\u043c \u0432\u044b \u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0435\u0441\u044c, \u043c\u043e\u0436\u0435\u0442\u0435 \u043f\u0440\u043e\u0441\u0442\u043e \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 28.0.0.137 \u043f\u0440\u0435\u0432\u044b\u0448\u0430\u044e\u0449\u0435\u0439, \u0430 \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u0438\u043d\u043e\u043c - \u043c\u043e\u0436\u043d\u043e \u0438 \u043f\u043e\u043b\u0443\u0447\u0448\u0435 \u0447\u0442\u043e-\u0442\u043e \u0441\u043e\u0442\u0432\u043e\u0440\u0438\u0442\u044c.\n\n\u0422\u0430\u043a \u043a\u0430\u043a HTML5 \u043f\u043e\u0442\u0438\u0445\u043e\u043d\u044c\u043a\u0443 (\u0438\u043b\u0438 \u0443\u0436\u0435 \u0438 \u043d\u0435 \u043f\u043e\u0442\u0438\u0445\u043e\u043d\u044c\u043a\u0443) \u0432\u044b\u0442\u0435\u0441\u043d\u044f\u0435\u0442 Flash, \u043d\u0430 \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u044b\u0445 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0430\u0445 Flash \u0443\u0436\u0435 \u0438 \u043d\u0435 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u0442\u0441\u044f, \u0438 \u0432\u043e\u043e\u0431\u0449\u0435, \u0432\u044b \u043c\u0430\u043b\u043e \u0433\u0434\u0435 \u043c\u043e\u0436\u0435\u0442\u0435 \u0432\u0441\u0442\u0440\u0435\u0442\u0438\u0442\u044c \u043f\u043e\u0442\u0440\u0435\u0431\u043d\u043e\u0441\u0442\u044c \u0432 \u043d\u0435\u043c, \u0441\u0430\u043c\u044b\u0439 \u0434\u0435\u0439\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0439 \u0441\u043f\u043e\u0441\u043e\u0431 - \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0438\u043b\u0438 \u0443\u0434\u0430\u043b\u0438\u0442\u044c \u0435\u0433\u043e. 
\u0415\u0441\u043b\u0438 \u043d\u0430 \u0442\u0430\u043a\u043e\u0435 \u0432\u044b \u043f\u043e\u043a\u0430 \u0440\u0435\u0448\u0438\u0442\u044c\u0441\u044f \u043d\u0435 \u0433\u043e\u0442\u043e\u0432\u044b, \u043e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u0441\u0442\u043e\u0438\u0442 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u044e \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f \u0437\u0430\u043f\u0443\u0441\u043a\u0430 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u043c\u043e\u0433\u043e \u0434\u043b\u044f \u0444\u043b\u0435\u0448\u0430.\n\nInternet Explorer\n\n\u0422\u0443\u0442 \u0443 \u043d\u0430\u0441 \u0444\u043b\u0435\u0448 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e.\n\n\u0427\u0442\u043e\u0431\u044b \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c: \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u043c \u043c\u0435\u043d\u044e -&gt; \"Manage add-ons\" -&gt; \"All add-ons\", \u043d\u0430\u0445\u043e\u0434\u0438\u043c \"Shockwave Flash Object\" \u0438 \u0436\u043c\u0435\u043c \"Disable\".\n\n\u041e\u0442\u043a\u043b\u044e\u0447\u0430\u0435\u043c \u043c\u0430\u0441\u0441\u043e\u0432\u043e: \u0447\u0435\u0440\u0435\u0437 \u0433\u0440\u0443\u043f\u043f\u043e\u0432\u044b\u0435 \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0438 \u0432 User Configuration\\Windows Components\\Internet Explorer\\Security Features\\Add-on Management:Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects\n\n\u0412\u043a\u043b\u044e\u0447\u0430\u0435\u043c \u0437\u0430\u043f\u0440\u043e\u0441 \u043e \u0437\u0430\u043f\u0443\u0441\u043a\u0435: \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u043c \u043c\u0435\u043d\u044e -&gt; \"Manage add-ons\" -&gt; \"All add-ons\", \u043d\u0430\u0445\u043e\u0434\u0438\u043c \"Shockwave Flash 
Object\", \u0436\u043c\u0430\u043a\u0430\u0435\u043c \u043f\u0440\u0430\u043a\u043e\u0439 \u043a\u043d\u043e\u043f\u043a\u043e\u0439 \u0438 \"More information\". \u0422\u0430\u043c \u0435\u0441\u0442\u044c \u043f\u043e\u043b\u0435 \u0441 \u043f\u0435\u0440\u0435\u0447\u043d\u0435\u043c \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u043d\u044b\u0445 \u0441\u0430\u0439\u0442\u043e\u0432, \u0430 \u043f\u043e\u0434 \u043d\u0438\u043c \u043a\u043d\u043e\u043f\u043a\u0430 \"Remove all sites\", \u0436\u043c\u0435\u043c \u0435\u0435 \u0438 \u0433\u043e\u0442\u043e\u0432\u043e.\n\nMicrosoft Edge\n\n\u041e\u043f\u044f\u0442\u044c \u0436\u0435, \u0444\u043b\u0435\u0448 \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e.\n\n\u041e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c: Settings -&gt; \"View advanced settings\", \u043d\u0430\u0439\u0442\u0438 \"Use Adobe Flash Player\" \u0438 \u043e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c.\n\n\u041e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u043c\u0430\u0441\u0441\u043e\u0432\u043e: \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0433\u0440\u0443\u043f\u043f\u043e\u0432\u043e\u0439 \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0438 Computer Configuration\\Policies\\Administrative Templates\\Windows Components\\Microsoft Edge\\Allow Adobe Flash\n\n\u0412\u043a\u043b\u044e\u0447\u0430\u0435\u043c \u0437\u0430\u043f\u0440\u043e\u0441 \u043e \u0437\u0430\u043f\u0443\u0441\u043a\u0435: \u043c\u0430\u0441\u0441\u043e\u0432\u043e \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0433\u0440\u0443\u043f\u043f\u043e\u0432\u043e\u0439 \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0438 Computer Configuration\\Policies\\Administrative Templates\\Windows Components\\Microsoft Edge\\Configure the Adobe Flash Click-to-Run setting \u0438\u043b\u0438 \u0432 \u0440\u0435\u0435\u0441\u0442\u0440\u0435 
HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\Security\\:FlashClickToRunMode \u0432 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 1.\n\nChrome\n\n\u041f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0444\u043b\u0435\u0448 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d.\n\n\u041e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c: \u043e\u0442\u043a\u0440\u044b\u0432\u0430\u0435\u043c chrome://plugins/, \u043d\u0430\u0445\u043e\u0434\u0438\u043c Adobe Flash Player \u0438 \u043a\u043b\u0438\u043a\u0430\u0435\u043c \"\u041e\u0442\u043a\u043b\u044e\u0447\u0438\u0442\u044c\".\n\n\u0412\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0437\u0430\u043f\u0440\u043e\u0441 \u043e \u0437\u0430\u043f\u0443\u0441\u043a\u0435: \u043c\u0430\u0441\u0441\u043e\u0432\u043e \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u043f\u043e\u043b\u0438\u0442\u0438\u043a\u0438 Computer Configuration\\Administrative Templates\\Google\\Google Chrome\\Content Settings\\Default Plugins Setting. 
\u0418\u043b\u0438 \u0432 Settings -&gt; Show Advanced Settings -&gt; Content settings, \u043d\u0430\u0445\u043e\u0434\u0438\u043c \"Plugins\" \u0438 \u0432\u044b\u0431\u0438\u0440\u0430\u0435\u043c \"Let me choose when to run plugin content\", \u0430 \u0435\u0449\u0435 \u043f\u043e\u0434 \u043d\u0438\u043c \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c \u0438\u0441\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f.\n\nFirefox\n\n\u0424\u043b\u0435\u0448 \u043d\u0435 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e.\n\n\u0412\u044b\u0431\u0440\u0430\u0442\u044c \u043f\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u0435: Tools -&gt; Addons -&gt; Plugins, \u043d\u0430\u0445\u043e\u0434\u0438\u043c Flash \u0438 \u0432\u044b\u0431\u0438\u0440\u0430\u0435\u043c \u043e\u043f\u0446\u0438\u044e \"Ask to activate\" \u0438\u043b\u0438 \"Never activate\".", "creation_timestamp": "2018-02-05T08:38:33.000000Z"}, {"uuid": "18c9a364-734f-4d41-bd49-e74cebf75e7e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "Telegram/KOy__DorLE_kmFAVzT6b5R2Jewb6fqrH0ghnS2ZeQ1yX8eY", "content": "", "creation_timestamp": "2023-04-10T01:13:31.000000Z"}, {"uuid": "634ccdff-511d-4869-ba9c-11898bb2622c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "https://t.me/HackerOne/1689", "content": "https://blog.morphisec.com/cve-2018-4878-an-analysis-of-the-flash-player-hack", "creation_timestamp": "2018-02-09T15:48:05.000000Z"}, {"uuid": "cea22eb2-4e26-43a4-acc0-6cd0be2a1671", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "exploited", "source": 
"https://t.me/information_security_channel/24061", "content": "Fallout is an exploit kit (EK) first identified at the end of August 2018. It was first seen as a part of a malvertising campaign affecting users in Japan, Korea, the Middle East, Southern Europe, and others in the Asia Pacific. Fallout was observed exploiting vulnerabilities CVE-2018-4878 and CVE-2018-8174 and distributing the Gandcrab ransomware to [\u2026]\nThe post Improved Fallout Exploit Kit \u2013 Now supports HTTPS and Flash exploit (CVE-2018-15982) (https://gbhackers.com/improved-fallout-exploit-kit/) appeared first on GBHackers On Security (https://gbhackers.com/).", "creation_timestamp": "2019-01-26T15:49:49.000000Z"}, {"uuid": "ceab388d-cf3d-484e-80d5-09263a5e5b1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "exploited", "source": "https://t.me/information_security_channel/12932", "content": "An analysis of an MS office document exploiting a zero-day flash player vulnerability (CVE-2018-4878)\nhttp://blogs.quickheal.com/analysis-ms-office-document-exploiting-zero-day-flash-player-vulnerability-cve-2018-4878/\n\nImportant update! Adobe Systems released a critical security update on 6.02.2017 to fix the vulnerability discussed in this post. We recommend you to apply the update immediately. 
Summary of the vulnerability CVE-2018-4878 is a use-after-free vulnerability present in Adobe Flash Player 28.0.0.137 and its earlier versions are being exploited in\u2026", "creation_timestamp": "2018-02-07T15:17:38.000000Z"}, {"uuid": "0b8670c0-25cd-4817-8719-4ceb4b3a5b4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "exploited", "source": "https://t.me/information_security_channel/12807", "content": "So another 0-Day Flash Vulnerability is being exploited in the Wild, a previously unknown flaw which has been labelled CVE-2018-4878 and it affects 28.0.0.137 and earlier versions for both Windows and Mac (the desktop runtime) and for basically everything in the Chrome Flash Player (Windows, Mac, Linux and Chrome OS).\n\nThe full Adobe Security Advisory can be found here:\n\u2013 Security Advisory for Flash Player | APSA18-01\nAdobe warned on Thursday that attackers are exploiting a previously unknown security hole in its Flash Player software to break into Microsoft Windows computers.\nRead the rest of 0-Day Flash Vulnerability Exploited In The Wild now! Only available at Darknet. (https://www.darknet.org.uk/2018/02/0-day-flash-vulnerability-exploited-in-the-wild/)", "creation_timestamp": "2018-02-03T13:10:56.000000Z"}, {"uuid": "e756c6cd-b64b-4160-a871-0dcc09bb8390", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "exploited", "source": "https://t.me/information_security_channel/12804", "content": "CVE-2018-4878 \u2013 Adobe Flash Player use after free (Zero Day) vulnerability Alert!\nhttp://blogs.quickheal.com/cve-2018-4878-adobe-flash-player-use-free-zero-day-vulnerability-alert/\n\nThe recent zero-day vulnerability CVE-2018-4878 in Adobe Flash Player enables attackers to perform a Remote Code Execution on targeted machines. 
Adobe has released a security advisory APSA18-01 on February 2, 2018 to address this issue. According to Adobe the in wild attack is targeted and it impacts limited windows users\u2026.", "creation_timestamp": "2018-02-03T11:51:46.000000Z"}, {"uuid": "f21c51a2-ddc3-4a1f-9888-4dd9cc08c386", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "exploited", "source": "https://t.me/information_security_channel/15213", "content": "Watering Hole Attack Exploits North Korea's Flash Flaw\nhttp://feedproxy.google.com/~r/Securityweek/~3/7f4KoeGOFVM/watering-hole-attack-exploits-north-koreas-flash-flaw\n\nAn attack leveraging the compromised website of a Hong Kong telecommunications company is using a recently patched Flash vulnerability that has been exploited by North Korea since mid-November 2017, Morphisec warns.\nThe targeted vulnerability, CVE-2018-4878, first became public in early February, after South Korea\u2019s Internet & Security Agency (KISA) issued an alert on it being abused by a North Korean hacker group. Adobe patched the flaw within a week. \nBy the end of February, cybercriminals were already abusing the vulnerability. The newly observed incident, Morphisec notes, is a textbook case of a watering hole assault. As part of such attacks, which are mainly focused on cyber-espionage, actors plant malware on websites their victims are likely to visit. \nThe newly observed incident revealed advanced evasive characteristics, as it was purely fileless, without persistence or any trace on the disk. Furthermore, it used a custom protocol on a non-filtered port.\n\u201cGenerally, this advanced type of watering hole attack is highly targeted in nature and suggests that a very advanced group is behind it,\u201d the security researchers note. 
\nThe Flash exploit used in this assault was highly similar to the one detailed in the previous analysis of the CVE-2018-4878 vulnerability, albeit it employs a different shellcode executed post exploitation. \nThe shellcode executes rundll32.exe and overwrites its memory with malicious code. This malicious code was designed to download additional code directly into the memory of the rundll32 process.\nThe security researchers also discovered that the command and control (C&C) server uses a custom protocol over the 443 port to communicate with the victim. \u00a0\nThe additional code downloaded into the memory of rundll32 includes Metasploit Meterpreter and Mimikatz modules. Most of the modules were compiled on February 15, less than a week before the attack.\n\u201cAs our analysis shows, this watering hole attack is of advanced evasive nature. Being purely fileless, without persistence or any trace on the disk, and the use of custom protocol on a non-filtered port, makes it a perfect stepping stone for a highly targeted attack chain. This clearly suggests that very advanced threat actors are responsible for it,\u201d Morphisec says. \nDespite these advanced evasive features, the attack used basic Metasploit framework components that were compiled just before the attack and lacked any sophistication, obfuscation or evasion, which creates confusion and makes it difficult to pinpoint the attack to an actor. \nAccording to Morphisec, this attack, the exploit kits that were updated to target CVE-2018-4878, the campaign observed a few weeks ago, the vulnerability\u2019s abuse by nation-based groups, all creates a certain sense of d\u00e9j\u00e0 vu. \n\u201cIt is like the anarchy of 2-3 years ago when we had new exploits targeting a particular vulnerability discovered every week. Each one different enough to evade detection for those crucial first moments and security solutions always racing to catch up,\u201d the security firm concludes. 
\nRelated: North Korea's Flash Player Flaw Now Exploited by Cybercriminals\nRelated: Adobe Patches Flash Zero-Day Exploited by North Korean Hackers", "creation_timestamp": "2018-03-26T19:10:50.000000Z"}, {"uuid": "39797794-cf0a-4d40-8abc-18c0ac6d27c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "exploited", "source": "https://t.me/information_security_channel/15313", "content": "New \"ThreadKit\" Office Exploit Builder Emerges\nhttp://feedproxy.google.com/~r/Securityweek/~3/7de3m_eM7i8/new-threadkit-office-exploit-builder-emerges\n\nA newly discovered Microsoft Office document exploit builder kit has been used for the distribution of a variety of malicious payloads, including banking Trojans and backdoors, Proofpoint reports.\nThe exploit builder kit was initially discovered in October 2017, but Proofpoint's researchers have linked it to activity dating back to June 2017. The builder kit shows similarities to Microsoft Word Intruder (MWI), but is a new tool called ThreadKit.\nIn June 2017, the kit was being advertised in a forum post as being able to create documents with embedded executables and embedded decoy documents, and several campaigns featuring such documents were observed that month. The documents would perform an initial check-in to the command and control (C&C) server, a tactic also used by MWI. \nThe documents were targeting CVE-2017-0199 and were focused on downloading and executing a HTA file that would then download the decoy and a malicious VB script to extract and run the embedded executable. 
The payload was Smoke Loader, which in turn downloaded banking malware.\nIn October, ThreadKit started targeting CVE-2017-8759 as well, but continued to use the initial C&C check-in and the HTA file to execute the embedded executable, Proofpoint says (https://www.proofpoint.com/us/threat-insight/post/unraveling-ThreadKit-new-document-exploit-builder-distribute-The-Trick-Formbook-Loki-Bot-malware). However, changes were made to the manner in which the exploit documents operate and new exploits were integrated as well. \nIn November, ThreadKit was quick to incorporate exploits for new Microsoft Office vulnerabilities, and started being advertised as capable of targeting CVE-2017-11882 too. Soon after, campaigns that featured the previously observed check-in already started to emerge. \nIn February and March 2018, the kit was embedding new exploits, targeting vulnerabilities such as an Adobe Flash zero-day (CVE-2018-4878) and several new Microsoft Office vulnerabilities, including CVE-2018-0802 and CVE-2017-8570. \nAt the same time, the researchers noticed a large spike in email campaigns featuring ThreadKit-generated Office attachments packing these exploits. The exploits appear copied from proofs of concept available on a researcher\u2019s GitHub repo. \nAs part of these attacks, the attachments would drop the contained packager objects into the temp folder, then the exploits would execute the dropped scriptlet file, thus leading to the execution of the dropped batch files, which in turn run the executable.\nProofpoint found that not all ThreadKit documents contain a valid URL for the statistics check-in (some contain placeholder URLs). Furthermore, not all documents followed the same execution chain, with some scripts modified to perform other actions, a customization that may be provided as a service by the kit author.\n\u201cIn 2017, several new vulnerabilities entered regular use by threat actors and the first months of 2018 have added to that repertoire. 
Document exploit builder kits like ThreadKit enable even low-skilled threat actors to take advantage of the latest vulnerabilities to distribute malware. Organizations and individuals can mitigate the risk from ThreadKit and other document exploit-based attacks by ensuring that clients are patched for the latest vulnerabilities in Microsoft office and other applications,\u201d Proofpoint concludes. \nRelated: Microsoft Patches Zero-Day Vulnerability in Office\nRelated: Microsoft Manually Patched Office Component: Researchers", "creation_timestamp": "2018-03-27T17:57:22.000000Z"}, {"uuid": "7b4b491e-68e8-46d6-a92a-683eeb2edc8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "exploited", "source": "https://t.me/information_security_channel/13576", "content": "Adobe Flash Vulnerability Reappears in Malicious Word Files\nhttps://www.darkreading.com/threat-intelligence/adobe-flash-vulnerability-reappears-in-malicious-word-files/d/d-id/1331139?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\n\nCVE-2018-4878, a Flash zero-day patched earlier this month, has resurfaced in another campaign as attackers capitalize on the bug.", "creation_timestamp": "2018-02-26T22:53:48.000000Z"}, {"uuid": "b832fd01-21a6-4f05-804a-c28c47439e48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "exploited", "source": "https://t.me/canyoupwnme/3184", "content": "Attacks Leveraging Adobe Zero-Day (CVE-2018-4878) \u2013 Threat Attribution, Attack Scenario and Recommendations\nhttps://www.fireeye.com/blog/threat-research/2018/02/attacks-leveraging-adobe-zero-day.html", "creation_timestamp": "2018-02-03T13:57:13.000000Z"}, {"uuid": "5b9aa79e-30cc-4ce7-894a-8c85bd041810", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "seen", "source": "https://t.me/canyoupwnme/3222", "content": "Adobe Flash Exploitation, Then and Now: From CVE-2015-5119 to CVE-2018-4878\nhttps://www.mdsec.co.uk/2018/02/adobe-flash-exploitation-then-and-now-from-cve-2015-5119-to-cve-2018-4878/", "creation_timestamp": "2018-02-09T18:11:35.000000Z"}, {"uuid": "b8fd58fb-7cb1-4cc2-a1e9-2a2fe3b0f31b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "exploited", "source": "https://t.me/SecLabNews/1435", "content": "\u041a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u043d\u0430\u044f \u0433\u0440\u0443\u043f\u043f\u0430 \u0440\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0430 \u0447\u0440\u0435\u0437\u0432\u044b\u0447\u0430\u0439\u043d\u044b\u0435 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u044b (CERT) \u042e\u0436\u043d\u043e\u0439 \u041a\u043e\u0440\u0435\u0438 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0430 \u043e \u043d\u043e\u0432\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 Adobe Flash Player, \u0443\u0436\u0435 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u043e\u0439 \u0445\u0430\u043a\u0435\u0440\u0430\u043c\u0438 \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445. 
\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 (CVE-2018-4878) \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0442\u0435\u043a\u0443\u0449\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430 28.0.0.137 \u0438 \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u0438\u0435.\n\u0412 Flash Player \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f", "creation_timestamp": "2018-02-02T07:54:56.000000Z"}, {"uuid": "bd83e3ff-2558-4a43-946e-4bd77d11783b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "exploited", "source": "https://t.me/SecLabNews/1623", "content": "\u0412 \u043d\u0430\u0447\u0430\u043b\u0435 \u0444\u0435\u0432\u0440\u0430\u043b\u044f \u043d\u044b\u043d\u0435\u0448\u043d\u0435\u0433\u043e \u0433\u043e\u0434\u0430 SecurityLab \u0441\u043e\u043e\u0431\u0449\u0438\u043b \u043e \u043d\u043e\u0432\u043e\u0439 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 Adobe Flash Player (CVE-2018-4878), \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u043e\u0439 \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u0439 \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u043e\u0439 APT37 (\u0442\u0430\u043a\u0436\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u0430 \u043a\u0430\u043a Reaper, Group123 \u0438 ScarCruft) \u0432 \u0430\u0442\u0430\u043a\u0430\u0445 \u043f\u0440\u043e\u0442\u0438\u0432 \u042e\u0436\u043d\u043e\u0439 \u041a\u043e\u0440\u0435\u0438. 
\u0425\u043e\u0442\u044f Adobe \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043a\u043e\u0440\u0440\u0435\u043a\u0442\u0438\u0440\u0443\u044e\u0449\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Flash Player 28.0.0.161 \u0441\u043f\u0443\u0441\u0442\u044f \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u0434\u043d\u0435\u0439 \u043f\u043e\u0441\u043b\u0435 \u043e\u0431\u043d\u0430\u0440\u043e\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u043e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435, \u043c\u043d\u043e\u0433\u0438\u0435 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u043f\u043e-\u043f\u0440\u0435\u0436\u043d\u0435\u043c\u0443 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u0443\u044e \u0432\u0435\u0440\u0441\u0438\u044e \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430, \u0447\u0435\u043c \u0438 \u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u043a\u0438\u0431\u0435\u0440\u043f\u0440\u0435\u0441\u0442\u0443\u043f\u043d\u0438\u043a\u0438.\n\u0425\u0430\u043a\u0435\u0440\u044b \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Adobe Flash Player", "creation_timestamp": "2018-02-27T11:17:11.000000Z"}, {"uuid": "e913e7e4-d8cd-4758-949e-dd253b265791", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2018-4878", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/92", "content": "#exploit\n1. 
CVE-2018-10933:\nlibssh authentication bypass, a vulnerable Docker container that listens on port 2222 for exploitation\nhttps://github.com/hackerhouse-opensource/cve-2018-10933\n]-&gt; PoC: https://gist.github.com/mlosapio/2062ebf943485a7289d226e0d00498e7\n\n2. CVE-2018-4878:\nFLASH 0-day\nhttps://www.mdsec.co.uk/2018/02/adobe-flash-exploitation-then-and-now-from-cve-2015-5119-to-cve-2018-4878\n]-&gt; PoC: https://mp.weixin.qq.com/s/F2N04exaW8QO1IeHRZgmfg", "creation_timestamp": "2023-02-15T22:29:55.000000Z"}]}