The recent zero-day vulnerability CVE-2018-15982 in Adobe Flash Player enables attackers to perform a Remote Code Execution on targeted machines. Adobe has released a security advisory APSB18-42 on December 5, 2018 to address this issue. According to Adobe, the in-wild exploit is being used in targeted attacks.
Vulnerable Versions
- Adobe Flash Player 31.0.0.153 and earlier versions for Desktop Runtime, Google Chrome, Microsoft Edge and Internet Explorer 11.
- Adobe Flash Player 31.0.0.108 and earlier for Installer.
About the vulnerability
This is a Use after free vulnerability in Adobe Reader which allows attackers to perform a Remote Code Execution on targeted machines. The vulnerability allows for a maliciously crafted Flash object to execute code on a victim’s computer, which enables an attacker to gain command line access to the system. After successful exploitation, attackers can take control of the vulnerable system and executes extracted malware.
Reportedly, the vulnerability is currently being exploited in the wild through a malicious Office document. This Office document is an initial attack vector which executes malicious Flash file. According to the advisory, the malicious office document was spread via spear-phishing attack.
Seqrite EPS Detection
Seqrite has released the following detection for the vulnerability CVE-2018-15982:
- Exp.SWF.CVE-2018-15982.A
- Exp.SWF.CVE-2018-15982.B
- Exp.SWF.CVE-2018-15982.SL
Security Labs is actively looking for new in-the-wild exploits for this vulnerability and ensuring coverage for them.
References
https://helpx.adobe.com/security/products/flash-player/apsb18-42.html
Subject Matter Experts
Prashant Tilekar | Security Labs
