From 269e80e1d3a5a127607847b3b266bc2fb873545a Mon Sep 17 00:00:00 2001 From: Boik Date: Fri, 2 Mar 2018 15:15:09 +0800 Subject: [PATCH] update CVE-2018-4878 --- .vscode/settings.json | 2 +- CVE-2018-4878.md | 17 +++++++++++++++++ README.md | 2 +- 3 files changed, 19 insertions(+), 2 deletions(-) create mode 100644 CVE-2018-4878.md diff --git a/.vscode/settings.json b/.vscode/settings.json index 5e503c4..210ea4e 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -1,7 +1,7 @@ { "markdownlint.config": { "default": true, - "MD033": { "allowed_elements": ["b", "p", "img"] }, + "MD033": { "allowed_elements": ["b", "br", "p", "img"] }, "MD034": false, "MD037": false } diff --git a/CVE-2018-4878.md b/CVE-2018-4878.md new file mode 100644 index 0000000..cc259c5 --- /dev/null +++ b/CVE-2018-4878.md @@ -0,0 +1,17 @@ +# CVE-2018-4878 + +- Report: Feb 6 2018 +- Credit: KrCERT/CC + +## PoC + +- [InQuest/malware-samples](https://github.com/InQuest/malware-samples/tree/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day) +- [FLASH 0day(CVE-2018-4878)从POC到利用](https://mp.weixin.qq.com/s/F2N04exaW8QO1IeHRZgmfg) +- [Adobe Flash Exploitation, Then and Now: From CVE-2015-5119 to CVE-2018-4878](https://www.mdsec.co.uk/2018/02/adobe-flash-exploitation-then-and-now-from-cve-2015-5119-to-cve-2018-4878/) + +## Reference + +- [North Korean Hackers Allegedly Exploit Adobe Flash Player Vulnerability (CVE-2018-4878) Against South Korean Targets](https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets) +- [보안공지 | 자료실 - KISA 인터넷 보호나라&KrCERT](https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=26998) +- [Adobe Security Advisory](https://helpx.adobe.com/security/products/flash-player/apsa18-01.html) +- [CVE-2017-12611](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4878) 
diff --git a/README.md b/README.md index e29803d..7440352 100644 --- a/README.md +++ b/README.md @@ -2082,7 +2082,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.1.32 and Prior to 5.2.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). -### [CVE-2018-4878](https://www.mdsec.co.uk/2018/02/adobe-flash-exploitation-then-and-now-from-cve-2015-5119-to-cve-2018-4878/) +### [CVE-2018-4878](CVE-2018-4878.md) - A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to the handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.
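Review bot: In the new CVE-2018-4878.md, the last entry under "## Reference" has link text that does not match its target: the label reads "CVE-2017-12611" while the URL is cvename.cgi?name=CVE-2018-4878. It looks like a leftover from a copied entry. Suggest changing the label to CVE-2018-4878 so the text, the URL and the file's heading agree.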
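Review bot: In .vscode/settings.json, the MD033 change adds "br" to allowed_elements, but nothing in the lines added by this patch uses a br tag, and the subject "update CVE-2018-4878" does not mention a lint configuration change. Suggest either moving this to its own commit or noting in the commit message which file needs the br allowance.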