Adobe Flash Player 28.0.0.161 addresses critical use-after-free vulnerabilities that could lead to remote code execution (CVE-2018-4877, CVE-2018-4878). Successful exploitation could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email.

OSVersionArchitecturePackageVersionFilename
Mageia6noarchflash-player-plugin< 28.0.0.161-1flash-player-plugin-28.0.0.161-1.mga6.nonfree

OS	Version	Architecture	Package	Version	Filename
Mageia	6	noarch	flash-player-plugin	< 28.0.0.161-1	flash-player-plugin-28.0.0.161-1.mga6.nonfree

References

bugs.mageia.org/show_bug.cgi?id=22534

helpx.adobe.com/security/products/flash-player/apsb18-03.html

nessus 7

openvas 8

adobe 2

redhatcve 2

mscve 1

freebsd 1

redhat 1

trendmicroblog 3

attackerkb 1

threatpost 4

ubuntucve 2

gentoo 1

exploitpack 3

symantec 2

fireeye 7

talosblog 1

zdt 3

krebs 1

cve 2

malwarebytes 18

checkpoint_advisories 2

zdi 1

prion 2

seebug 1

myhack58 3

thn 1

packetstorm 1

kaspersky 1

cisa_kev 1

exploitdb 2

securelist 3

qualysblog 3

ics 1

nessus

Adobe Flash Player <= 28.0.0.137 Use-after-free Remote Code Execution (APSA18-01) (APSB18-03)

2018-02-05 00:00:00

RHEL 6 : flash-plugin (RHSA-2018:0285) (Underminer)

2018-02-08 00:00:00

KB4074595: Security update for Adobe Flash Player (February 2018)

2018-02-07 00:00:00

openvas

Adobe Flash Player Within Google Chrome Multiple RCE Vulnerabilities (APSA18-01) - Windows

2018-02-02 00:00:00

Adobe Flash Player Within Google Chrome Multiple RCE Vulnerabilities - Mac OS X

2018-02-02 00:00:00

Mageia: Security Advisory (MGASA-2018-0120)

2022-01-28 00:00:00

adobe

APSB18-03 Security updates available for Adobe Flash Player

2018-02-06 00:00:00

APSA18-01 Security Advisory for Adobe Flash Player

2018-02-01 00:00:00

redhatcve

CVE-2018-4877

2018-02-06 20:19:59

CVE-2018-4878

2018-02-05 11:19:42

mscve

February 2018 Adobe Flash Security Update

2018-02-06 08:00:00

freebsd

Flash Player -- multiple vulnerabilities

2018-01-31 00:00:00

redhat

(RHSA-2018:0285) Critical: flash-plugin security update

2018-02-07 17:47:53

trendmicroblog

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of February 5, 2018

2018-02-09 16:55:38

This Week in Security News: Trends and Tea Parties

2018-03-02 14:35:07

This Week in Security News: Botnets and Breaches

2018-02-09 14:00:56

attackerkb

CVE-2018-4878

2018-02-06 00:00:00

threatpost

Massive Spam Campaign Targets Unpatched Systems

2018-02-27 17:55:35

Adobe Patches Zero-Day Vulnerability in Flash Player

2018-12-05 15:18:09

Adobe Flash Player Zero-Day Spotted in the Wild

2018-02-01 15:40:55

ubuntucve

CVE-2018-4878

2018-02-06 00:00:00

CVE-2018-4877

2018-02-06 00:00:00

gentoo

Adobe Flash Player: Multiple vulnerabilities

2018-03-19 00:00:00

exploitpack

Adobe Flash 28.0.0.161 - Use-After-Free

2018-04-06 00:00:00

Flash ActiveX 28.0.0.137 - Code Execution (2)

2016-02-13 00:00:00

Flash ActiveX 28.0.0.137 - Code Execution (1)

2016-02-16 00:00:00

symantec

Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability

2018-02-01 00:00:00

Adobe Flash Player CVE-2018-4877 Use After Free Remote Code Execution Vulnerability

2018-02-06 00:00:00

fireeye

Attacks Leveraging Adobe Zero-Day (CVE-2018-4878) – Threat Attribution, Attack Scenario and Recommendations

2018-02-02 21:15:00

Attacks Leveraging Adobe Zero-Day (CVE-2018-4878) – Threat Attribution, Attack Scenario and Recommendations

2018-02-03 02:15:00

APT37 (Reaper): The Overlooked North Korean Actor

2018-02-20 08:30:00

talosblog

Flash 0-Day In The Wild: Group 123 At The Controls

2018-02-02 08:27:00

zdt

Adobe Flash 28.0.0.137 Remote Code Execution Exploit

2018-04-04 00:00:00

Flash ActiveX 28.0.0.137 - Code Execution Exploit (2)

2018-05-24 00:00:00

Flash ActiveX 28.0.0.137 - Code Execution Exploit (1)

2018-05-24 00:00:00

krebs

Attackers Exploiting Unpatched Flaw in Flash

2018-02-02 14:21:06

cve

CVE-2018-4878

2018-02-06 21:29:00

CVE-2018-4877

2018-02-06 21:29:00

malwarebytes

New Flash Player zero-day comes inside Office document

2018-02-05 20:55:16

Week in security (February 26 – March 4)

2018-03-05 17:00:00

Hermes ransomware distributed to South Koreans via recent Flash zero-day

2018-03-14 17:59:32

checkpoint_advisories

Adobe Flash Player Use After Free (APSB18-03: CVE-2018-4877)

2018-02-06 00:00:00

Adobe Flash Player Use After Free (APSB18-03: CVE-2018-4878)

2018-02-04 00:00:00

zdi

Adobe Flash Player QOSProvider attachMediaPlayerItemLoader Use-After-Free Remote Code Execution Vulnerability

2018-02-23 00:00:00

prion

Design/Logic Flaw

2018-02-06 21:29:00

Design/Logic Flaw

2018-02-06 21:29:00

seebug

Adobe Flash Player Use After Free Remote Code Execution Vulnerability(CVE-2018-4878)

2018-02-23 00:00:00

myhack58

CVE-2018-4878 case: for a Hong Kong Telecommunications Company website is intrusion investigations-vulnerability and early warning-the black bar safety net

2018-04-10 00:00:00

To see the Hidden Bee how to use a new vulnerability propagation-vulnerability warning-the black bar safety net

2018-08-07 00:00:00

The macro perspective of the office vulnerability, 2010-2018-a vulnerability warning-the black bar safety net

2019-06-13 00:00:00

thn

(Unpatched) Adobe Flash Player Zero-Day Exploit Spotted in the Wild

2018-02-01 19:10:00

packetstorm

Adobe Flash 28.0.0.137 Remote Code Execution

2018-04-04 00:00:00

kaspersky

KLA11191 Multiple use-after-free vulnerabilities in Adobe Flash Player

2018-02-01 00:00:00

cisa_kev

Adobe Flash Player Use-After-Free Vulnerability

2021-11-03 00:00:00

exploitdb

Flash ActiveX 28.0.0.137 - Code Execution (1)

2016-02-16 00:00:00

Flash ActiveX 28.0.0.137 - Code Execution (2)

2016-02-13 00:00:00

securelist

APT Trends Report Q2 2018

2018-07-10 10:00:22

APT Trends report Q1 2018

2018-04-12 10:00:17

IT threat evolution Q1 2018. Statistics

2018-05-14 10:00:30

qualysblog

Intel Makes Spectre Patch Progress, while Adobe Grapples with Latest Flash Bug

2018-02-09 15:20:40

Top 19+ Vulnerability CVEs in Santa’s Dashboard Tracking

2019-12-27 18:01:22

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR

2022-02-23 05:39:00

ics

Top 10 Routinely Exploited Vulnerabilities

2020-05-12 12:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%

JSON

Related for MGASA-2018-0120