Aggressor Script to launch IE driveby for CVE-2018-4878
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
CVE-2018-4878.cna Added stageless variant Feb 10, 2018 first commit Feb 10, 2018

Author and Credits

Author: Vincent Yiu (@vysecurity)


  • @evi1cg: Helping me test and keep me motivated
  • @smgoreli: Original Calc.exe PoC
  • @kbandla: He knows, and I know. ;)


Developed to encourage more Aggressor script development. Use only in authorized penetration testing!


Aggressor Script to launch an Internet Explorer driveby attack using CVE-2018-4878 exploit for Shockwave Flash player versions before February 2018.


Video Demonstration:

  • Click Host > Host CVE-2018-4878 Payload > Host
  • Send link to victim or embed as part of other pages or a redirect
  • Victim hits link with IE and outdated flash, you get a shell back in IE sandbox.


  • Load CVE-2018-4878.cna