SmgorelikEDB-ID:44745

HistoryFeb 13, 2016 - 12:00 a.m.

Flash ActiveX 28.0.0.137 - Code Execution (2)

2016-02-1300:00:00

smgorelik

www.exploit-db.com

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.973 High

EPSS

Percentile

99.9%

JSON

## CVE-2018-4878 

Pop up a calculator - Requires Flash ActiveX 28.0.0.137

Download: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/44745.swf

threatpost 4

attackerkb 1

ubuntucve 1

fireeye 7

symantec 1

exploitpack 3

talosblog 1

zdt 3

krebs 1

malwarebytes 18

cve 1

prion 1

trendmicroblog 3

myhack58 3

seebug 1

checkpoint_advisories 1

packetstorm 1

thn 1

kaspersky 1

adobe 2

cisa_kev 1

exploitdb 2

nessus 6

openvas 8

redhatcve 2

mageia 1

freebsd 1

mscve 1

redhat 1

securelist 3

qualysblog 3

gentoo 1

ics 1

threatpost

Massive Spam Campaign Targets Unpatched Systems

2018-02-27 17:55:35

Adobe Patches Zero-Day Vulnerability in Flash Player

2018-12-05 15:18:09

Adobe Flash Player Zero-Day Spotted in the Wild

2018-02-01 15:40:55

attackerkb

CVE-2018-4878

2018-02-06 00:00:00

ubuntucve

CVE-2018-4878

2018-02-06 00:00:00

fireeye

Attacks Leveraging Adobe Zero-Day (CVE-2018-4878) – Threat Attribution, Attack Scenario and Recommendations

2018-02-02 21:15:00

Attacks Leveraging Adobe Zero-Day (CVE-2018-4878) – Threat Attribution, Attack Scenario and Recommendations

2018-02-03 02:15:00

APT37 (Reaper): The Overlooked North Korean Actor

2018-02-20 08:30:00

symantec

Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability

2018-02-01 00:00:00

exploitpack

Adobe Flash 28.0.0.161 - Use-After-Free

2018-04-06 00:00:00

Flash ActiveX 28.0.0.137 - Code Execution (2)

2016-02-13 00:00:00

Flash ActiveX 28.0.0.137 - Code Execution (1)

2016-02-16 00:00:00

talosblog

Flash 0-Day In The Wild: Group 123 At The Controls

2018-02-02 08:27:00

zdt

Adobe Flash 28.0.0.137 Remote Code Execution Exploit

2018-04-04 00:00:00

Flash ActiveX 28.0.0.137 - Code Execution Exploit (2)

2018-05-24 00:00:00

Flash ActiveX 28.0.0.137 - Code Execution Exploit (1)

2018-05-24 00:00:00

krebs

Attackers Exploiting Unpatched Flaw in Flash

2018-02-02 14:21:06

malwarebytes

New Flash Player zero-day comes inside Office document

2018-02-05 20:55:16

Week in security (February 26 – March 4)

2018-03-05 17:00:00

Hermes ransomware distributed to South Koreans via recent Flash zero-day

2018-03-14 17:59:32

cve

CVE-2018-4878

2018-02-06 21:29:00

prion

Design/Logic Flaw

2018-02-06 21:29:00

trendmicroblog

This Week in Security News: Trends and Tea Parties

2018-03-02 14:35:07

This Week in Security News: Botnets and Breaches

2018-02-09 14:00:56

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of February 5, 2018

2018-02-09 16:55:38

myhack58

CVE-2018-4878 case: for a Hong Kong Telecommunications Company website is intrusion investigations-vulnerability and early warning-the black bar safety net

2018-04-10 00:00:00

To see the Hidden Bee how to use a new vulnerability propagation-vulnerability warning-the black bar safety net

2018-08-07 00:00:00

The macro perspective of the office vulnerability, 2010-2018-a vulnerability warning-the black bar safety net

2019-06-13 00:00:00

seebug

Adobe Flash Player Use After Free Remote Code Execution Vulnerability(CVE-2018-4878)

2018-02-23 00:00:00

checkpoint_advisories

Adobe Flash Player Use After Free (APSB18-03: CVE-2018-4878)

2018-02-04 00:00:00

packetstorm

Adobe Flash 28.0.0.137 Remote Code Execution

2018-04-04 00:00:00

thn

(Unpatched) Adobe Flash Player Zero-Day Exploit Spotted in the Wild

2018-02-01 19:10:00

kaspersky

KLA11191 Multiple use-after-free vulnerabilities in Adobe Flash Player

2018-02-01 00:00:00

adobe

APSA18-01 Security Advisory for Adobe Flash Player

2018-02-01 00:00:00

APSB18-03 Security updates available for Adobe Flash Player

2018-02-06 00:00:00

cisa_kev

Adobe Flash Player Use-After-Free Vulnerability

2021-11-03 00:00:00

exploitdb

Flash ActiveX 28.0.0.137 - Code Execution (1)

2016-02-16 00:00:00

Adobe Flash < 28.0.0.161 - Use-After-Free

2018-04-06 00:00:00

nessus

Adobe Flash Player <= 28.0.0.137 Use-after-free Remote Code Execution (APSA18-01) (APSB18-03)

2018-02-05 00:00:00

RHEL 6 : flash-plugin (RHSA-2018:0285) (Underminer)

2018-02-08 00:00:00

KB4074595: Security update for Adobe Flash Player (February 2018)

2018-02-07 00:00:00

openvas

Adobe Flash Player Within Google Chrome Multiple RCE Vulnerabilities (APSA18-01) - Windows

2018-02-02 00:00:00

Adobe Flash Player Multiple Remote Code Execution Vulnerabilities - Windows

2018-02-02 00:00:00

Microsoft IE And Microsoft Edge Flash Player Multiple RCE Vulnerabilities

2018-02-02 00:00:00

redhatcve

CVE-2018-4878

2018-02-05 11:19:42

CVE-2018-4877

2018-02-06 20:19:59

mageia

Updated flash-player-plugin packages fix security vulnerability

2018-02-07 16:50:37

freebsd

Flash Player -- multiple vulnerabilities

2018-01-31 00:00:00

mscve

February 2018 Adobe Flash Security Update

2018-02-06 08:00:00

redhat

(RHSA-2018:0285) Critical: flash-plugin security update

2018-02-07 17:47:53

securelist

APT Trends Report Q2 2018

2018-07-10 10:00:22

APT Trends report Q1 2018

2018-04-12 10:00:17

IT threat evolution Q1 2018. Statistics

2018-05-14 10:00:30

qualysblog

Intel Makes Spectre Patch Progress, while Adobe Grapples with Latest Flash Bug

2018-02-09 15:20:40

Top 19+ Vulnerability CVEs in Santa’s Dashboard Tracking

2019-12-27 18:01:22

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR

2022-02-23 05:39:00

gentoo

Adobe Flash Player: Multiple vulnerabilities

2018-03-19 00:00:00

ics

Top 10 Routinely Exploited Vulnerabilities

2020-05-12 12:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.973 High

EPSS

Percentile

99.9%

JSON

Related for EDB-ID:44745