Spam Campaign Targeting New Flash Vulnerability [CVE-2018-4878]

A malicious spam campaign is targeting an Adobe Flash vulnerability. CVE-2018-4878 is a use-after-free vulnerability in the Adobe Primetime software development kit (SDK) that, if exploited, may allow a remote, unauthenticated attacker to execute arbitrary code. For more information please see Adobe Security Bulletin APSB18-03.

Spam emails containing shortened URLs generated by Google’s URL Shortener utility were sent to users. Clicking these URLs downloads a Microsoft Word document, which in turn opens the command prompt, presumably using a malicious macro, and injects shellcode to download a DLL file.

This results in whitelisting solutions being bypassed which, coupled with the use of short URLs, makes the campaign very difficult to detect with signature-based scanning.

Affected Platform:

  • Adobe Flash Player – Windows, macOS, Linux and Chrome OS versions prior to 28.0.0.161

Resolution:

Adobe have patched this vulnerability in new versions of Flash Player. Users are encouraged to update at the earliest possible date.

As signature-based detection is not effective at this time, it is advised to employ heuristic-based detection solutions as well.
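
Because the chain described above has Word opening the command prompt, one behavioural check is to flag that parent/child process pattern in process-creation records. The following is an added example, not part of the original advisory; it generalises slightly to other Office applications and script interpreters, and the process lists, the Sysmon Event ID 1 style field names and the sample records are assumptions constructed for illustration.

```python
import ntpath

# Assumption: Office applications treated as document-handling parent processes.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Assumption: interpreters a document viewer has no routine reason to start.
SHELL_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}


def exe_name(path):
    """Lower-cased file name of a Windows path; tolerates quotes and missing values."""
    return ntpath.basename((path or "").strip().strip('"')).lower()


def find_office_shell_spawns(events):
    """Return the events in which an Office application started a command interpreter."""
    return [
        ev for ev in events
        if exe_name(ev.get("ParentImage")) in OFFICE_PARENTS
        and exe_name(ev.get("Image")) in SHELL_CHILDREN
    ]


# Constructed sample records (not taken from the campaign), Sysmon Event ID 1 field names.
SAMPLE_EVENTS = [
    {"Computer": "WS-014", "ParentImage": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c <placeholder>"},
    {"Computer": "WS-014", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "CommandLine": "WINWORD.EXE /n report.docx"},
    {"Computer": "WS-022", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe"},
    # Quoted path and different casing must still match.
    {"Computer": "WS-031",
     "ParentImage": '"C:\\Program Files (x86)\\Microsoft Office\\Office15\\winword.exe"',
     "Image": r"C:\Windows\SysWOW64\cmd.exe", "CommandLine": "cmd.exe /c <placeholder>"},
    # Record with no parent information must not raise or match.
    {"Computer": "WS-040", "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe"},
]

if __name__ == "__main__":
    for hit in find_office_shell_spawns(SAMPLE_EVENTS):
        print(f'{hit["Computer"]}: {exe_name(hit["ParentImage"])} -> {exe_name(hit["Image"])}')
```
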




Duncan Newell

Duncan is a technology professional with over 20 years' experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
