⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: The impacted product is end-of-life and should be disconnected if still in use. Due date: 2022-05-03.

CVE-2018-4878: Use After Free in Adobe Flash Player

CWE-416: Use After Free | 69 documents | 23 sources
Severity: 7.8 HIGH (NVD)
EPSS: 93.5% (top 0.17%)
CISA KEV: KEV, Ransomware (added 2021-11-03, due 2022-05-03)
Exploit: Exploited in wild (active exploitation observed)
Timeline: Published Feb 6 | KEV added Nov 3 | KEV due May 3 | Latest update Feb 12

Description

A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

🔴 Vulnerability Details (4)

GHSA: GHSA-2rf4-mpg3-phjw: A use-after-free vulnerability was discovered in Adobe Flash Player before 28 | 2022-05-13
CVEList: CVE-2018-4878: A use-after-free vulnerability was discovered in Adobe Flash Player before 28 | 2018-02-06
OSV: CVE-2018-4878: A use-after-free vulnerability was discovered in Adobe Flash Player before 28 | 2018-02-06
VulnCheck: Adobe Flash Player Use-After-Free Vulnerability | 2018

💥 Exploits & PoCs (3)

Exploit-DB: Adobe Flash < 28.0.0.161 - Use-After-Free | 2018-04-06
Exploit-DB: Flash ActiveX 28.0.0.137 - Code Execution (1) | 2016-02-16
Exploit-DB: Flash ActiveX 28.0.0.137 - Code Execution (2) | 2016-02-13

🔍 Detection Rules (2)

Suricata: ET MALWARE [Flashpoint] Possible CVE-2018-4878 Check-in | 2018-02-02
YARA: crime_ole_loadswf_cve_2018_4878

📋 Vendor Advisories (2)

CISA: Adobe Flash Player Use-After-Free Vulnerability | 2021-11-03
Red Hat: flash-plugin: use-after-free causing remote code execution (APSB18-03) | 2018-02-01

🕵️ Threat Intelligence (54)

Qualys: Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys | 2022-02-23
Sentinelone: Egregor RaaS Continues the Chaos with Cobalt Strike and Rclone | 2020-11-26
Sentinelone: Egregor RaaS Continues the Chaos with Cobalt Strike and Rclone - SentinelLabs | 2020-11-25
Unit42: The State of Exploit Development: 80% of Exploits Publish Faster than CVEs | 2020-08-26

📄 Research Papers (2)

arXiv: Investigation of Advanced Persistent Threats Network-based Tactics, Techniques and Procedures | 2025-02-12
arXiv: Linking Threat Tactics, Techniques, and Patterns with Defensive Weaknesses, Vulnerabilities and Affected Platform Configurations for Cyber Hunting | 2021-02-10

💬 Community (1)

Bugzilla: CVE-2018-4877 CVE-2018-4878 flash-plugin: use-after-free causing remote code execution (APSB18-03) | 2018-02-05