CVE-2018-4878

A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the...

Basic Information

CVE State: PUBLISHED
Reserved Date: January 03, 2018
Published Date: February 06, 2018
Last Updated: November 17, 2025
Vendor: Adobe
Product: Adobe Flash Player before 28.0.0.161
Description: A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.
Tags

CVSS Scores

CVSS v3.1

7.8 - HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2.0

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2021-11-03 00:00:00 UTC) Source
Used in Malware: Yes (added 2021-11-03 00:00:00 UTC) Source

References

http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html https://threatpost.com/adobe-flash-player-zero-day-spotted-in-the-wild/129742/ https://helpx.adobe.com/security/products/flash-player/apsb18-03.html https://access.redhat.com/errata/RHSA-2018:0285 http://www.securitytracker.com/id/1040318 http://www.securityfocus.com/bid/102893 https://www.fireeye.com/blog/threat-research/2018/02/attacks-leveraging-adobe-zero-day.html https://blog.morphisec.com/flash-exploit-cve-2018-4878-spotted-in-the-wild-massive-malspam-campaign https://www.darkreading.com/threat-intelligence/adobe-flash-vulnerability-reappears-in-malicious-word-files/d/d-id/1331139 https://github.com/InQuest/malware-samples/tree/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets https://github.com/vysec/CVE-2018-4878 https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/ https://www.exploit-db.com/exploits/44412/

Known Exploited Vulnerability Information

Source	Added Date
CISA	2021-11-03 00:00:00 UTC
CISA	2021-11-03 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

lvyoshino/CVE-2018-4878

Type: github • Created: 2021-04-30 20:45:39 UTC • Stars: 0

Yable/CVE-2018-4878

Type: github • Created: 2018-12-19 13:22:03 UTC • Stars: 0

B0fH/CVE-2018-4878

Type: github • Created: 2018-10-17 02:11:24 UTC • Stars: 2

Metasploit module for CVE-2018-4878

ydl555/CVE-2018-4878

Type: github • Created: 2018-06-12 02:57:59 UTC • Stars: 0

CVE-2018-4878 flash 0day

SyFi/CVE-2018-4878

Type: github • Created: 2018-04-04 04:33:44 UTC • Stars: 8

Flash Exploit Poc

KathodeN/CVE-2018-4878

Type: github • Created: 2018-02-23 19:24:40 UTC • Stars: 0

CVE-2018-4878 样本

vysecurity/CVE-2018-4878

Type: github • Created: 2018-02-10 09:30:18 UTC • Stars: 87

Aggressor Script to launch IE driveby for CVE-2018-4878

demonsec666/CVE-2018-4878

Type: github • Created: 2018-02-09 22:32:11 UTC • Stars: 0

Aggressor Script to just launch IE driveby for CVE-2018-4878

mdsecactivebreach/CVE-2018-4878

Type: github • Created: 2018-02-09 13:30:46 UTC • Stars: 23

ydl555/CVE-2018-4878-

Type: github • Created: 2018-01-20 12:32:26 UTC • Stars: 1

备忘：flash挂马工具备份 CVE-2018-4878

Timeline

CVE ID Reserved

January 03, 2018
CVE Published to Public

February 06, 2018
Exploit Used in Malware

November 03, 2021
Added to KEVIntel

November 03, 2021
Added to KEVIntel

November 03, 2021