Adobe Flash Player는 최근 제로데이 취약점(zero-day vulnerability) CVE-2018-4878을 발표했습니다. 취약점은 사이버 보안 및 위협 정보 제공 업체, 퀵힐시큐리티랩스(Quick Heal Security Labs)를 통해 감지 할 수 있습니다. 이 취약점은 악성 오피스 문서가 첨부된 이메일로 배포되며, 영향을 받는 버전은 Adobe Flash Player 188.8.131.52 이하로 알려져 있습니다.
Last Modified: 2018-02-10 | Topic: 전체
CVE-2018-4878 – Adobe Flash Player use after free (Zero Day) vulnerability Alert!
The recent zero-day vulnerability CVE-2018-4878 in Adobe Flash Player enables attackers to perform a Remote Code Execution on targeted machines. Adobe has released a security advisory APSA18-01 on February 2, 2018 to address this issue. According to Adobe, the in-wild attack is targeted and it impacts limited Windows users.
About the vulnerability
This is a use-after-free vulnerability in Adobe Flash player which allows attackers to perform a Remote Code Execution on targeted machines. After successful exploitation, attackers can take control of the vulnerable systems and download and execute malware on them.
Reportedly, the vulnerability is currently being exploited in the wild through a malicious Office document. This office document is an initial attack vector with embedded malicious Flash file. According to the advisory, the malicious office document was distributed through email.
Quick Heal detection
Quick Heal has released the following detection for the vulnerability CVE-2018-4878:
Quick Heal Security Labs is actively looking for new in-wild exploits for this vulnerability and ensuring coverage for them.