Remote Code Execution for Flash Player

Gepubliceerd : 02/02/2018

Reference:
Advisory #2018-02

Version:
1.0

Affected software:
Adobe Flash Player Desktop

CVE/CVSS:
CVE-2018-4878

Sources

https://helpx.adobe.com/security/products/flash-player/apsa18-01.html

Risks

A successful exploitation could allow a potential attacker to take control of the affected system.

Description

A critical vulnerability exists in Adobe Flash Player 28.0.0.137 and earlier versions. an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email.

Recommended Actions

Adobe will address this vulnerability in a release planned for the week of February 5.

The most secure course of action is to disable Flash Player or uninstall it entirely either until the patch arrives.

If you need it installed and running, there is a few things you can do :

Most modern browsers integrate a functionality to enable Click-to-play for plugins like flash player, prompting the user to click to use the plugin instead of executing everything by default.

More Information

For more details : https://www.howtogeek.com/188059/how-to-enable-click-to-play-plugins-in-every-web-browser/

Beginning with Flash Player 27, administrators have the ability to change Flash Player's behavior when running on Internet Explorer on Windows 7 and below by prompting the user before playing SWF content.

For more details : https://www.adobe.com/content/dam/acom/en/devnet/flashplayer/articles/flash_player_admin_guide/pdf/flash_player_27_0_admin_guide.pdf

Administrators may also consider implementing Protected View for Office. Protected View opens a file marked as potentially unsafe in Read-only mode.

For more details : https://support.office.com/en-us/article/what-is-protected-view-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653#bm5