28 matches found
Exploit for Use After Free in Adobe Flash_Player
CobaltStrike-Toolset Aggressor Script, Kit, Malleable C2 Profiles, External C2 and so on - Kits - ResourceKit - ExploitKit - Aggressor Script - chromedumpmimikatz.cna - nopowershell - SMBexecpsh Further Resources nopowershell smbexecpsh.cna CVE-2018-15982...
Mageia: Security Advisory (MGASA-2018-0478)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Threat profile: Egregor ransomware is making a name for itself
What is Egregor? Egregor ransomware is a relatively new ransomware first spotted in September 2020 that seems intent on making its way to the top right now. Egregor is considered a variant of Ransom.Sekhmet based on similarities in obfuscation, API-calls, and the ransom note. As weve reported in...
Say hello to Lord Exploit Kit
Just as we had wrapped up our summer review of exploit kits, a new player entered the scene. Lord EK, as it is calling itself, was caught by Virus Bulletin's Adrian Luca while replaying malvertising chains. In this blog post, we do a quick review of this exploit kit based on what we have collecte...
Exploit kits: spring 2019 review
Exploit kit activity remains fairly unchanged since our last winter review in terms of active distribution campaigns. But this spring edition will feature a new exploit kit and another atypical EK, in that it specifically goes after routers. The main driver behind these drive-by download attacks...
Exploit kits: winter 2019 review
Active malvertising campaigns in December and the new year have kept exploit kit activity from hibernating in winter 2019. We mostly observed Fallout and RIG with the occasional, limited GrandSoft appearance for wider geo-targeting. In addition, narrowly-focused exploit kits such as Magnitude,...
Fallout EK Retools for a Fresh New 2019 Look
A new version of the Fallout exploit kit EK has emerged, featuring new exploits and fresh payloads, including the GandCrab ransomware. The development shows that EKs have a lot of life yet left in them, researchers say. The Fallout EK generally finds its victims by way of malvertising campaigns,...
CVE-2018-15982
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution...
Immunity Canvas: ADOBE_FLASH_METADATA_UAF
Name| adobeflashmetadatauaf ---|--- CVE| CVE-2018-15982 Exploit Pack| CANVAS Description| adobeflashmetadatauaf Notes| CVE Name: CVE-2018-15982 VENDOR: Adobe NOTES: In the package com.adobe.tvsdk.mediacore.metadata the setObject method does not set a reference to the key String Object so if we...
CVE-2018-15982
CVE-2018-15982 is a use-after-free vulnerability in Adobe Flash Player (versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier) that allows remote code execution when a memory reference is released but remains in a vector due to a faulty reference in the com.adobe.tvsdk.mediacore.metadata pa...
CVE-2018-15982
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution...
CVE-2018-15982
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. Recent assessments: gwillcox-r7 at November 22, 2020 3:02am UTC reported: Reported as exploited in the wild as part of...
Improved Fallout EK comes back after short hiatus
Edit 2019-01-24 Fallout EK introduces a new dropper to facilitate the final payload retrieval. This update replaces the plain MZ we saw for a little while. -- After a short hiatus in early January, the Fallout exploit kit is back in business again with some new features for the new year. During i...
Updated flash-player-plugin packages fix security vulnerability
Use after free flaw enabling arbitrary code execution. CVE-2018-15982 Insecure Library Loading DLL hijacking flaw enabling privilege escalation. CVE-2018-15983...
RHEL 6 : flash-plugin (RHSA-2018:3795)
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2018:3795 advisory. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version...
Critical: Red Hat Security Advisory: flash-plugin security update
An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
New Adobe Flash Zero-Day Exploit Found Hidden Inside MS Office Docs
Cybersecurity researchers have discovered a new zero-day vulnerability in Adobe Flash Player that hackers are actively exploiting in the wild as part of a targeted campaign appears to be attacking a Russian state health care institution. The vulnerability, tracked as CVE-2018-15982, is a...
New Adobe Flash Zero-Day Exploit Found Hidden Inside MS Office Docs
Cybersecurity researchers have discovered a new zero-day vulnerability in Adobe Flash Player that hackers are actively exploiting in the wild as part of a targeted campaign appears to be attacking a Russian state health care institution. The vulnerability, tracked as CVE-2018-15982 , is a...
Exploit for Use After Free in Adobe Flash_Player
CVE-2018-15982PoC CVE-2018...
CVE-2018-15982
creationtimestamp| type| source ---|---|--- 2018-12-06 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=345 2018-12-06 09:05:42+00:00| exploited| https://t.me/SecLabNews/3784 2018-12-06 11:35:13+00:00| exploited| https://t.me/xakepru/5343 2018-12-06 12:30:32+00:00| exploite...