Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2018-4878
PUBLISHED
Known KEV
More InfoOfficial Page
Assigner-adobe
Assigner Org ID-078d4453-3bcd-4900-85e6-15281da43538
View Known Exploited Vulnerability (KEV) details
Published At-06 Feb, 2018 | 20:00
Updated At-30 Jul, 2025 | 01:46
Rejected At-
▼CVE Numbering Authority (CNA)

A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.

Affected Products
Vendor
n/a
Product
Adobe Flash Player before 28.0.0.161
Versions
Affected
  • Adobe Flash Player before 28.0.0.161
Problem Types
TypeCWE IDDescription
textN/Ause-after-free
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html
x_refsource_MISC
https://threatpost.com/adobe-flash-player-zero-day-spotted-in-the-wild/129742/
x_refsource_MISC
https://helpx.adobe.com/security/products/flash-player/apsb18-03.html
x_refsource_MISC
https://access.redhat.com/errata/RHSA-2018:0285
vendor-advisory
x_refsource_REDHAT
http://www.securitytracker.com/id/1040318
vdb-entry
x_refsource_SECTRACK
http://www.securityfocus.com/bid/102893
vdb-entry
x_refsource_BID
https://www.fireeye.com/blog/threat-research/2018/02/attacks-leveraging-adobe-zero-day.html
x_refsource_MISC
https://blog.morphisec.com/flash-exploit-cve-2018-4878-spotted-in-the-wild-massive-malspam-campaign
x_refsource_MISC
https://www.darkreading.com/threat-intelligence/adobe-flash-vulnerability-reappears-in-malicious-word-files/d/d-id/1331139
x_refsource_MISC
https://github.com/InQuest/malware-samples/tree/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day
x_refsource_MISC
https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets
x_refsource_MISC
https://github.com/vysec/CVE-2018-4878
x_refsource_MISC
https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/
x_refsource_MISC
https://www.exploit-db.com/exploits/44412/
exploit
x_refsource_EXPLOIT-DB
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html
x_refsource_MISC
x_transferred
https://threatpost.com/adobe-flash-player-zero-day-spotted-in-the-wild/129742/
x_refsource_MISC
x_transferred
https://helpx.adobe.com/security/products/flash-player/apsb18-03.html
x_refsource_MISC
x_transferred
https://access.redhat.com/errata/RHSA-2018:0285
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.securitytracker.com/id/1040318
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.securityfocus.com/bid/102893
vdb-entry
x_refsource_BID
x_transferred
https://www.fireeye.com/blog/threat-research/2018/02/attacks-leveraging-adobe-zero-day.html
x_refsource_MISC
x_transferred
https://blog.morphisec.com/flash-exploit-cve-2018-4878-spotted-in-the-wild-massive-malspam-campaign
x_refsource_MISC
x_transferred
https://www.darkreading.com/threat-intelligence/adobe-flash-vulnerability-reappears-in-malicious-word-files/d/d-id/1331139
x_refsource_MISC
x_transferred
https://github.com/InQuest/malware-samples/tree/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day
x_refsource_MISC
x_transferred
https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets
x_refsource_MISC
x_transferred
https://github.com/vysec/CVE-2018-4878
x_refsource_MISC
x_transferred
https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/
x_refsource_MISC
x_transferred
https://www.exploit-db.com/exploits/44412/
exploit
x_refsource_EXPLOIT-DB
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-416CWE-416 Use After Free
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
kev
dateAdded:
2021-11-03
reference:
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-4878
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
CVE-2018-4878 added to CISA KEV2021-11-03 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found