• News
  • Security
  • Products
  • About Seqrite
Seqrite Blog Blog
  • News
  • Security
  • Products
  • About Seqrite
Home  /  Adobe • Cybersecurity • Security  /  CVE-2018-15982- Adobe Flash Player use after free (Zero Day) vulnerability alert!
06 December 2018

CVE-2018-15982- Adobe Flash Player use after free (Zero Day) vulnerability alert!

Written by Prashant Tilekar
Prashant Tilekar
Adobe, Cybersecurity, Security
  • 27
    Shares
Estimated reading time: 1 minute

The recent zero-day vulnerability CVE-2018-15982 in Adobe Flash Player enables attackers to perform a Remote Code Execution on targeted machines. Adobe has released a security advisory APSB18-42 on December 5, 2018 to address this issue. According to Adobe, the in-wild exploit is being used in targeted attacks.

Vulnerable Versions

  • Adobe Flash Player 31.0.0.153 and earlier versions for Desktop Runtime, Google Chrome, Microsoft Edge and Internet Explorer 11.
  • Adobe Flash Player 31.0.0.108 and earlier for Installer.

About the vulnerability

This is a Use after free vulnerability in Adobe Reader which allows attackers to perform a Remote Code Execution on targeted machines. The vulnerability allows for a maliciously crafted Flash object to execute code on a victim’s computer, which enables an attacker to gain command line access to the system. After successful exploitation, attackers can take control of the vulnerable system and executes extracted malware.

Reportedly, the vulnerability is currently being exploited in the wild through a malicious Office document. This Office document is an initial attack vector which executes malicious Flash file. According to the advisory, the malicious office document was spread via spear-phishing attack.

Seqrite EPS Detection

Seqrite has released the following detection for the vulnerability CVE-2018-15982:

  • Exp.SWF.CVE-2018-15982.A
  • Exp.SWF.CVE-2018-15982.B
  • Exp.SWF.CVE-2018-15982.SL

Security Labs is actively looking for new in-the-wild exploits for this vulnerability and ensuring coverage for them.

References

https://helpx.adobe.com/security/products/flash-player/apsb18-42.html

Subject Matter Experts

Prashant Tilekar | Security Labs

 Previous PostHow to prevent Remote Desktop Protocol (RDP) attacks
Next Post  Sophisticated Ransomware : “Katyusha”
Prashant Tilekar
About Prashant Tilekar

Prashant Tilekar is part of the HIPS (Host-based Intrusion Prevention System) team in Quick Heal Security Labs. He has worked on various security vulnerabilities...

Articles by Prashant Tilekar »

Related Posts

  • How to avoid dual attack and vulnerable files with double extension?

    April 9, 2021
  • Zloader: Entailing Different Office Files

    March 23, 2021
  • Protect enterprise endpoints against their use for illicit activities

    Defend your business systems from being used for illegal purposes

    March 23, 2021

No Comments

Leave a Reply.Your email address will not be published.

Cancel reply

CAPTCHA Image
Refresh Image

Popular Posts

  • New Spear Phishing Campaign using Army Welfare Education Society’s Scholarship form New Spear Phishing Campaign using Army Welfare Education Society’s Scholarship form March 22, 2021
  • 5 Security measures you should take to protect your organization’s network 5 Security measures you should take to protect your organization’s network August 11, 2017
  • Nation-states shoot from somebody else’s shoulder Nation-states shoot from somebody else’s shoulder March 10, 2021

Featured Authors

  • Seqrite
    Seqrite

    Follow us for the latest updates and insights related to security for...

    Read more..
  • Viraj Talikotkar
    Viraj Talikotkar

    Viraj is a Lead Technical Writer at Quick Heal Technologies. He is always on...

    Read more..
  • Sanjay Katkar
    Sanjay Katkar

    Sanjay Katkar is the Joint Managing Director and Chief Technology Officer of...

    Read more..

Latest Posts

  • How to avoid dual attack and vulnerable files with double extension?

    How to avoid dual attack and vulnerable files with double extension?

    April 9, 2021
  • Cryptocurrency Malware: Bitcoin Mining threats you need to know about

    Cryptocurrency Malware: Bitcoin Mining threats you need to know about

    April 4, 2021
  • Zloader: Entailing Different Office Files

    Zloader: Entailing Different Office Files

    March 23, 2021

Stay Updated!

Topics

Antivirus For Linux (10) apt (10) Bitcoin (9) BYOD (9) COVID-19 (10) Cyber-attack (31) cyber-attacks (56) cyberattacks (12) Cybersecurity (284) cyber security (26) Cyber threat (29) cyber threats (44) Data (11) data breach (50) data breaches (27) data loss (28) data loss prevention (33) data protection (21) data security (13) DLP (49) Encryption (16) endpoint security (103) Enterprise security (14) EPS (9) Exploit (12) firewall (11) GDPR (10) IoT (10) malware (59) malware attack (23) malware attacks (12) MDM (25) Network security (18) Patch Management (12) phishing (17) Ransomware (56) ransomware attack (29) ransomware attacks (30) ransomware protection (12) Seqrite (24) Seqrite Encryption (27) Seqrite EPS (33) Seqrite Services (16) UTM (34) Vulnerability (10)

Products

  • Endpoint Security (EPS)
  • Seqrite Encryption Manager
  • Seqrite Endpoint Security Cloud
  • Cloud Security
  • Seqrite mSuite
  • Seqrite Workspace
  • Unified Threat Management
  • Antivirus for Server
  • Antivirus for Linux

Resources

  • White Papers
  • Datasheets
  • Threat Reports
  • Manuals
  • Case Studies

About Us

  • Company Overview
  • Leadership
  • Why choose SEQRITE?
  • Awards & Certifications
  • Newsroom

Archives

  • By Date
  • By Category

© 2020 Quick Heal Technologies Ltd. (Formerly Known as Quick Heal Technologies Pvt. Ltd.) Cookie Policies Privacy Policies

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website.
By browsing this website, you agree to our cookie policy.