Spam Campaign Targeting New Flash Vulnerability

A new vulnerability in Adobe's Flash Player is being used by attackers in a spam campaign.

Threat ID:: CC-2098
Category:: Exploit
Threat Severity:: Low
Threat Vector:: Email spam
Published:: 2 March 2018 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

A new vulnerability in Adobe's Flash Player is being used by attackers in a spam campaign.

Affected platforms

The following platforms are known to be affected:

Adobe Flash Player

Adobe Flash Player - Windows, macOS, Linux and Chrome OS versions prior to 28.0.0.161

Threat details

CVE-2018-4878 is a use-after-free vulnerability in the Adobe Primetime software development kit (SDK) that, if exploited, may allow a remote, unauthenticated attacker to execute arbitrary code. For more information please see Adobe Security Bulletin APSB18-03.

Spam emails containing shortened URL's generated by Google's URL Shortener utility were sent to users. Clicking these URLs downloads a Microsoft Word document which in turn opens the command prompt, presumably using a malicious macro, and injects shellcode to download a DLL file. This results in whitelisting solutions being bypassed which, coupled with the use of short URLs, makes it very difficult to detect with signature-based scanning.

Remediation steps

Type	Step
	Adobe have patched this vulnerability in new versions of Flash Player. Users are encouraged to update at the earliest possible date. As signature-based detection is not effective at this time, it is advised to employ heuristic-based detection solutions as well.

CVE Vulnerabilities

Status

CVE-2018-4878

Last edited: 17 February 2020 12:55 pm