Vulnerability Name:

CVE-2018-4878 (CCN-138568)

Assigned: 2018-02-01
Published: 2018-02-01
Updated: 2022-04-18
Summary: A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.
CVSS v3 Severity: 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.8 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.9 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-416
Vulnerability Consequences: Gain Access
References:
Source: MISC
Type: Technical Description, Third Party Advisory
http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html

Source: MITRE
Type: CNA
CVE-2018-4878

Source: BID
Type: Broken Link
102893

Source: CCN
Type: BID-102893
Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability

Source: SECTRACK
Type: Broken Link
1040318

Source: REDHAT
Type: Third Party Advisory
RHSA-2018:0285

Source: MISC
Type: Third Party Advisory
https://blog.morphisec.com/flash-exploit-cve-2018-4878-spotted-in-the-wild-massive-malspam-campaign

Source: XF
Type: UNKNOWN
adobe-flash-cve20184878-code-exec(138568)

Source: MISC
Type: Third Party Advisory
https://github.com/InQuest/malware-samples/tree/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day

Source: MISC
Type: Third Party Advisory
https://github.com/vysec/CVE-2018-4878

Source: CCN
Type: Adobe Security Bulletin APSB18-01
Security updates available for Adobe Flash Player

Source: MISC
Type: Vendor Advisory
https://helpx.adobe.com/security/products/flash-player/apsb18-03.html

Source: CCN
Type: Packet Storm Security [04-04-2018]
Adobe Flash 28.0.0.137 Remote Code Execution

Source: MISC
Type: Exploit, Third Party Advisory
https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/

Source: MISC
Type: Third Party Advisory
https://threatpost.com/adobe-flash-player-zero-day-spotted-in-the-wild/129742/

Source: CCN
Type: CYBERSECURITY & INFRASTRUCTURE SECURITY AGENCY
KNOWN EXPLOITED VULNERABILITIES CATALOG

Source: MISC
Type: Press/Media Coverage, Third Party Advisory
https://www.darkreading.com/threat-intelligence/adobe-flash-vulnerability-reappears-in-malicious-word-files/d/d-id/1331139

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [04-06-2018]

Source: EXPLOIT-DB
Type: Exploit, Third Party Advisory, VDB Entry
44412

Source: MISC
Type: Third Party Advisory
https://www.fireeye.com/blog/threat-research/2018/02/attacks-leveraging-adobe-zero-day.html

Source: MISC
Type: Technical Description, Third Party Advisory
https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version < 28.0.0.161)
  • AND
  • cpe:/o:apple:macos:-:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/a:adobe:flash_player:*:*:*:*:*:edge:*:* (Version < 28.0.0.161)
  • OR cpe:/a:adobe:flash_player:*:*:*:*:*:internet_explorer_11:*:* (Version < 28.0.0.161)
  • AND
  • cpe:/o:microsoft:windows_10:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_8.1:*:*:*:*:*:*:*:*

  • Configuration 4:
  • cpe:/a:adobe:flash_player:*:*:*:*:*:chrome:*:* (Version < 28.0.0.161)
  • AND
  • cpe:/o:apple:macos:-:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*
  • OR cpe:/o:google:chrome_os:-:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:adobe:flash_player:28.0.0.137:*:*:*:*:chrome:*:*
  • OR cpe:/a:adobe:flash_player:28.0.0.137:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:28.0.0.137:*:*:*:*:internet_explorer_11:*:*
  • OR cpe:/a:adobe:flash_player:28.0.0.137:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:28.0.0.137:*:*:*:*:*:*:*
  • AND
  • cpe:/o:microsoft:windows_8:-:-:-:*:-:-:x32:*
  • OR cpe:/o:microsoft:windows_8:::~~~~x64~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:*
  • OR cpe:/o:microsoft:windows_8.1:::~~~~x64~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:com.ubuntu.artful:def:20184878000 | V | CVE-2018-4878 on Ubuntu 17.10 (artful) - medium. | 2018-02-06
    oval:com.ubuntu.trusty:def:20184878000 | V | CVE-2018-4878 on Ubuntu 14.04 LTS (trusty) - medium. | 2018-02-06
    oval:com.ubuntu.xenial:def:20184878000 | V | CVE-2018-4878 on Ubuntu 16.04 LTS (xenial) - medium. | 2018-02-06
    oval:com.ubuntu.xenial:def:201848780000000 | V | CVE-2018-4878 on Ubuntu 16.04 LTS (xenial) - medium. | 2018-02-06