header-logo
Suggest Exploit
vendor:
Flash Player
by:
Exploit Database
9,8
CVSS
CRITICAL
Flash Exploit
119
CWE
Product Name: Flash Player
Affected Version From: 28.0.0.137
Affected Version To: 28.0.0.137
Patch Exists: YES
Related CWE: CVE-2018-4878
CPE: o:adobe:flash_player:28.0.0.137
Metasploit: https://www.rapid7.com/db/vulnerabilities/msft-cve-2018-4878/https://www.rapid7.com/db/vulnerabilities/msft-cve-2018-4877/https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2018-4878/https://www.rapid7.com/db/vulnerabilities/flash_player-cve-2018-4878/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2018-4878/https://www.rapid7.com/db/vulnerabilities/redhat_linux-cve-2018-4878/https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2018-4878/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2018

CVE-2018-4878 (flash exploit)

CVE-2018-4878 is a vulnerability in Adobe Flash Player that allows attackers to execute arbitrary code on the target system. The vulnerability is caused by a use-after-free error in the handling of the ActionScript 3 ByteArray class. An attacker can exploit this vulnerability by convincing a user to open a specially crafted Excel file. Once opened, the malicious code will be executed on the target system.

Mitigation:

Adobe has released a patch to address this vulnerability. Users should update their Adobe Flash Player to the latest version.
Source

Exploit-DB raw data:

## CVE-2018-4878 (flash exploit)

Pop up a calculator - tested with installation of flash activeX plugin 28.0.0.137

Download: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/44744.xlsx

Navigation

Suggest Exploit

Services By CQR