Flash Player UAF Remote Code Execution 0-Day Vulnerability Disclosed: CVE-2018-4878

2018-06-11

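Recently, a UAF remote code execution 0-day vulnerability was disclosed in Adobe Flash Player, CVE ID CVE-2018-4878. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application; failed exploit attempts may also result in a DoS condition. Adobe Flash Player 28.0.0.137 and earlier versions are affected. SecurityFocus and NSFOCUS have issued advisories; the relevant information follows.

CVE-2018-4878 Vulnerability Summary

安全加 has compiled the following information on CVE-2018-4878. It may come from the vendors involved in CVE-2018-4878, the organizations that published the vulnerability information, CVE, SecurityFocus and other third-party organizations.

CVE-2018-4878 Vulnerability Identifiers

  • CVE ID: CVE-2018-4878
  • BUGTRAQ ID: 102893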
  • NSFOCUS vulnerability database ID: 38890

CVE-2018-4878 Related Links

  • Baidu link: https://www.baidu.com/s?wd=CVE-2018-4878
  • NSFOCUS vulnerability database link: http://www.nsfocus.net/vulndb/{绿盟科技漏洞库ID}
  • SecurityFocus link: https://www.securityfocus.com/bid/102893
  • CVE link: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4878

CVE's Assessment of This Vulnerability

The CVE entry is currently in reserved status.

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

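SecurityFocus's Assessment of This Vulnerability

Adobe Flash Player CVE-2018-4878 UAF Remote Code Execution Vulnerability

Adobe Flash Player is prone to an unspecified remote code execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.

Adobe Flash Player 28.0.0.137 and earlier versions are affected.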

Bugtraq ID: 102893
Class: Unknown
CVE: CVE-2018-4878
Remote: Yes
Local: No
Published: Feb 01 2018 12:00AM
Updated: Feb 01 2018 12:00AM
Credit: KrCERT/CC

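NSFOCUS's Assessment of This Vulnerability

On February 1 local time (February 2 Beijing time), a 0-day vulnerability (CVE-2018-4878) was discovered in Adobe Flash Player, and it has already been exploited by attackers. The vulnerability affects all current versions. Attackers can lure users into opening Microsoft Office documents, web pages, spam emails and similar content containing malicious Flash code. The malicious code is believed to be embedded in a Flash SWF file inside an MS Word document.

Adobe has also issued an advisory stating that an exploit for CVE-2018-4878 exists and that the vulnerability will be fixed in a patch on February 5.

Related links: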

https://www.bleepingcomputer.com/news/security/new-adobe-flash-zero-day-spotted-in-the-wild/

https://helpx.adobe.com/security/products/flash-player/apsa18-01.html

 

Affected versions

Adobe Flash Player <= 28.0.0.137

Unaffected versions

All current versions are affected; Adobe will release a patch on February 5.


CVE-2018-4878 Scope of Impact

Vendors involved in CVE-2018-4878

macromedia

Products involved in CVE-2018-4878

Adobe Flash Player

Versions affected by CVE-2018-4878

Adobe Flash Player <= 28.0.0.137

CVE-2018-4878 Solution

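NSFOCUS Statement

In its February 1 advisory, Adobe stated that the vulnerability will be fixed in a patch on February 5. Until then, users can consider disabling or uninstalling Flash Player, or opening Microsoft Office documents in Protected View.

Once the patch is released, users should download and install the update promptly.

  1. Check the current version:

Visit http://www.adobe.com/software/flash/about/ , which reports the Adobe Flash Player version installed on the current system.

  2. Update to the new version:

After the new version is officially released, visit https://get.adobe.com/flashplayer , deselect the optional offers, and click Install now in the lower right corner to update.

Reference link: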
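
For checking many machines at once rather than one browser at a time, the following added example (not part of the original advisory) triages a software inventory against the affected range stated on this page, <= 28.0.0.137. The inventory rows, hostnames and the comma-separated "WIN 28,0,0,126" input form are assumptions made for illustration; versions are compared as integer tuples because a plain string comparison would rank "9" above "28".

```python
import re

# Upper bound of the affected range as stated on this page (<= 28.0.0.137).
LAST_AFFECTED = (28, 0, 0, 137)


def parse_version(raw):
    """Return a 4-part integer tuple, or None if the field holds no version.

    Accepts dotted ("28.0.0.137") and comma-separated ("WIN 28,0,0,126")
    forms; short versions such as "9" are padded with zeros.
    """
    match = re.search(r"\d+(?:[.,]\d+){0,3}", raw)
    if not match:
        return None
    parts = [int(p) for p in re.split(r"[.,]", match.group())]
    return tuple(parts + [0] * (4 - len(parts)))


def triage(inventory):
    """Map each host to 'affected', 'outside-range' or 'unknown'."""
    result = {}
    for host, raw in inventory:
        version = parse_version(raw)
        if version is None:
            result[host] = "unknown"        # needs manual review
        elif version <= LAST_AFFECTED:
            result[host] = "affected"       # within <= 28.0.0.137
        else:
            result[host] = "outside-range"  # newer than the stated range
    return result


# Constructed sample inventory: hostnames and versions are illustrative only.
SAMPLE = [
    ("ws-01", "28.0.0.137"),
    ("ws-02", "WIN 28,0,0,126"),
    ("ws-03", "27.0.0.187"),
    ("ws-04", "99.0.0.1"),
    ("ws-05", "not installed"),
    ("ws-06", "9"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```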

https://helpx.adobe.com/security/products/flash-player/apsa18-01.html

Reposted from: 安全加

Link: http://toutiao.secjia.com/cve-2018-1142