Remote Code Execution for Flash

Advisory: CERT.be Advisory #2018-003
Version : 1.0
Reference: CVE-2018-4878
Impacted software : Adobe Flash Player
Type : Remote Code Execution/0-Day
Impacted Software:

To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

Risks

A successful exploitation could allow a potential attacker to take control of the affected system.

Summary

A critical vulnerability exists in Adobe Flash Player 28.0.0.137 and earlier versions. An exploit for CVE-2018-4878 exists in the wild and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email.

Remediation

Adobe will address this vulnerability in a release planned for the week of February 5, 2018.

The most secure course of action is to disable Flash Player or uninstall it entirely either until the patch arrives.

If you need it installed and running, there is a few things you can do:

Most modern browsers integrate a functionality to enable Click-to-play for plugins like flash player, prompting the user to click to use the plugin instead of executing everything by default.

For more details : https://www.howtogeek.com/188059/how-to-enable-click-to-play-plugins-in-...

Beginning with Flash Player 27, administrators have the ability to change Flash Player's behaviour when running on Internet Explorer on Windows 7 and below by prompting the user before playing SWF content.

For more details : https://www.adobe.com/content/dam/acom/en/devnet/flashplayer/articles/fl...

Administrators may also consider implementing Protected View for Office. Protected View opens a file marked as potentially unsafe in Read-only mode.

For more details : https://support.office.com/en-us/article/what-is-protected-view-d6f09ac7...

Sources

https://helpx.adobe.com/security/products/flash-player/apsa18-01.html