1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Adobe Flash Player Use-After-Free Vulnerability

Known Exploited Vulnerabilities CVE-2018-4878 Mappings

A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2018-4878 Adobe Flash Player Use-After-Free Vulnerability secondary_impact T1041 Exfiltration Over C2 Channel
Comments
The exploitation technique for this vulnerability is based on a vulnerability in Client software. In the wild, this was seen to be exploited by a malicious excel file. The observed goals of this exploit from Group 123 are remote access and data exfiltration.
References
  1. https://cloud.google.com/blog/topics/threat-intelligence/attacks-leveraging-adobe-zero-day-cve-2018-4878-threat-attribution-attack-scenario-and-recommendations/
  2. https://blog.talosintelligence.com/group-123-goes-wild/
CVE-2018-4878 Adobe Flash Player Use-After-Free Vulnerability primary_impact T1219 Remote Access Software
Comments
The exploitation technique for this vulnerability is based on a vulnerability in Client software. In the wild, this was seen to be exploited by a malicious excel file. The observed goals of this exploit from Group 123 are remote access and data exfiltration. Installation of the remote access software could allow for a number of different secondary impacts. See the MITRE ATT&CK reference on the DOGCALL software for more information.
References
  1. https://cloud.google.com/blog/topics/threat-intelligence/attacks-leveraging-adobe-zero-day-cve-2018-4878-threat-attribution-attack-scenario-and-recommendations/
  2. https://blog.talosintelligence.com/group-123-goes-wild/
CVE-2018-4878 Adobe Flash Player Use-After-Free Vulnerability exploitation_technique T1204.002 Malicious File
Comments
The exploitation technique for this vulnerability is based on a vulnerability in Client software. In the wild, this was seen to be exploited by a malicious excel file. The observed goals of this exploit from Group 123 are remote access and data exfiltration.
References
  1. https://cloud.google.com/blog/topics/threat-intelligence/attacks-leveraging-adobe-zero-day-cve-2018-4878-threat-attribution-attack-scenario-and-recommendations/
  2. https://blog.talosintelligence.com/group-123-goes-wild/