Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2018-4878

Description

A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.

POC

Reference

- https://blog.morphisec.com/flash-exploit-cve-2018-4878-spotted-in-the-wild-massive-malspam-campaign

- https://github.com/InQuest/malware-samples/tree/master/CVE-2018-4878-Adobe-Flash-DRM-UAF-0day

- https://github.com/vysec/CVE-2018-4878

- https://threatpost.com/adobe-flash-player-zero-day-spotted-in-the-wild/129742/

- https://www.darkreading.com/threat-intelligence/adobe-flash-vulnerability-reappears-in-malicious-word-files/d/d-id/1331139

- https://www.exploit-db.com/exploits/44412/

Github

- https://github.com/00xtrace/Red-Team-Ops-Toolbox

- https://github.com/0xT11/CVE-POC

- https://github.com/0xdeadgeek/Red-Teaming-Toolkit

- https://github.com/0xh4di/Red-Teaming-Toolkit

- https://github.com/0xp4nda/Red-Teaming-Toolkit

- https://github.com/1o24er/RedTeam

- https://github.com/2lambda123/m0chan-Red-Teaming-Toolkit

- https://github.com/3m1za4/100-Best-Free-Red-Team-Tools-

- https://github.com/6R1M-5H3PH3RD/Red_Teaming_Tool_Kit

- https://github.com/ARPSyndicate/cvemon

- https://github.com/Advisory-Emulations/APT-37

- https://github.com/Al1ex/APT-GUID

- https://github.com/Al1ex/Red-Team

- https://github.com/Apri1y/Red-Team-links

- https://github.com/AzyzChayeb/Redteam

- https://github.com/B0fH/CVE-2018-4878

- https://github.com/BOFs/365CS

- https://github.com/BOFs/CobaltStrike

- https://github.com/CYJoe-Cyclone/Awesome-CobaltStrike

- https://github.com/ChalkingCode/ExploitedDucks

- https://github.com/ChefGordon/List-O-Tools

- https://github.com/ChennaCSP/APT37-Emulation-plan

- https://github.com/CyberSecurityUP/Adversary-Emulation-Matrix

- https://github.com/Echocipher/Resource-list

- https://github.com/Fa1c0n35/Red-Teaming-Toolkit

- https://github.com/FlatL1neAPT/MS-Office

- https://github.com/FlatL1neAPT/Post-exploitation

- https://github.com/Getshell/CobaltStrike

- https://github.com/H3llozy/CVE-2018-4879

- https://github.com/HacTF/poc--exp

- https://github.com/HildeTeamTNT/Red-Teaming-Toolkit

- https://github.com/HuanWoWeiLan/SoftwareSystemSecurity

- https://github.com/HuanWoWeiLan/SoftwareSystemSecurity-2019

- https://github.com/InQuest/malware-samples

- https://github.com/InQuest/yara-rules

- https://github.com/JamesGrandoff/Tools

- https://github.com/KathodeN/CVE-2018-4878

- https://github.com/Mr-hunt-007/CyberSecurity-Tools

- https://github.com/Mrnmap/RedTeam

- https://github.com/Ondrik8/Links

- https://github.com/Ondrik8/RED-Team

- https://github.com/Ondrik8/soft

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/PWN-Kingdom/Test_Tasks

- https://github.com/RxXwx3x/Redteam

- https://github.com/Saidul-M-Khan/Red-Teaming-Toolkit

- https://github.com/SexyBeast233/SecBooks

- https://github.com/Soldie/Red-Team-Tool-Kit---Shr3dKit

- https://github.com/SyFi/CVE-2018-4878

- https://github.com/Th3k33n/RedTeam

- https://github.com/Yable/CVE-2018-4878

- https://github.com/allwinnoah/CyberSecurity-Tools

- https://github.com/arcangel2308/Shr3dit

- https://github.com/blackorbird/APT_REPORT

- https://github.com/blackorlittle/exps

- https://github.com/blockchainguard/blockchainhacked

- https://github.com/demonsec666/CVE-2018-4878

- https://github.com/developer3000S/PoC-in-GitHub

- https://github.com/diovil/aaa

- https://github.com/dk47os3r/hongduiziliao

- https://github.com/dudacgf/ovr_convert

- https://github.com/eeenvik1/scripts_for_YouTrack

- https://github.com/emtuls/Awesome-Cyber-Security-List

- https://github.com/fei9747/Awesome-CobaltStrike

- https://github.com/geeksniper/Red-team-toolkit

- https://github.com/getanehAl/Red-Team-OPS

- https://github.com/gold1029/Red-Teaming-Toolkit

- https://github.com/greekgothguy/cool_sites_and_tools

- https://github.com/gyaansastra/Red-Team-Toolkit

- https://github.com/hasee2018/Safety-net-information

- https://github.com/hectorgie/PoC-in-GitHub

- https://github.com/hongriSec/Growth-Diary

- https://github.com/hudunkey/Red-Team-links

- https://github.com/hwiwonl/dayone

- https://github.com/hybridious/CVE-2018-4878

- https://github.com/jan-call/Cobaltstrike-Plugins

- https://github.com/jnadvid/RedTeamTools

- https://github.com/john-80/-007

- https://github.com/kimreq/red-team

- https://github.com/landscape2024/RedTeam

- https://github.com/likekabin/APT_REPORT

- https://github.com/likekabin/Red-Teaming-Toolkit

- https://github.com/likekabin/Red-Teaming-Toolkit_all_pentests

- https://github.com/likescam/APT_REPORT

- https://github.com/likescam/Red-Teaming-Toolkit

- https://github.com/likescam/Red-Teaming-Toolkit_all_pentests

- https://github.com/lnick2023/nicenice

- https://github.com/lp008/Hack-readme

- https://github.com/lvyoshino/CVE-2018-4878

- https://github.com/mdsecactivebreach/CVE-2018-4878

- https://github.com/merlinepedra/CobaltStrike

- https://github.com/merlinepedra25/CobaltStrike

- https://github.com/mooneee/Red-Teaming-Toolkit

- https://github.com/mrinconroldan/red-teaming-toolkit

- https://github.com/mucahittopal/Pentesting-Pratic-Notes

- https://github.com/nao-sec/ektotal

- https://github.com/nitishbadole/pentesting_Notes

- https://github.com/nobiusmallyu/kehai

- https://github.com/orgTestCodacy11KRepos110MB/repo-5694-malware-samples

- https://github.com/phuonghoang89/apt-report

- https://github.com/qazbnm456/awesome-cve-poc

- https://github.com/r0r0x-xx/Red-Team-OPS-Modern-Adversary

- https://github.com/r3volved/CVEAggregate

- https://github.com/scriptsboy/Red-Teaming-Toolkit

- https://github.com/shadowdevnotreal/Awesome-CobaltStrike

- https://github.com/shr3ddersec/Shr3dKit

- https://github.com/sifatnotes/cobalt_strike_tutorials

- https://github.com/slimdaddy/RedTeam

- https://github.com/sung3r/CobaltStrike

- https://github.com/svbjdbk123/-

- https://github.com/t31m0/Red-Teaming-Toolkit

- https://github.com/thebound7/maldetect

- https://github.com/thezimtex/red-team

- https://github.com/tomoyamachi/gocarts

- https://github.com/twensoo/PersistentThreat

- https://github.com/u53r55/Security-Tools-List

- https://github.com/unusualwork/red-team-tools

- https://github.com/vysecurity/CVE-2018-4878

- https://github.com/wateroot/poc-exp

- https://github.com/winterwolf32/Red-teaming

- https://github.com/wirasecure/hongdui

- https://github.com/wwong99/hongdui

- https://github.com/x86trace/Red-Team-Ops-Toolbox

- https://github.com/xbl3/Red-Teaming-Toolkit_infosecn1nja

- https://github.com/xbl3/awesome-cve-poc_qazbnm456

- https://github.com/xiaoZ-hc/redtool

- https://github.com/ydl555/CVE-2018-4878-

- https://github.com/yut0u/RedTeam-BlackBox

- https://github.com/zer0yu/Awesome-CobaltStrike