关联漏洞
标题:Adobe Flash Player 安全漏洞 (CVE-2018-4878)Description:Adobe Flash Player是美国奥多比(Adobe)公司的一款跨平台、基于浏览器的多媒体播放器产品。该产品支持跨屏幕和浏览器查看应用程序、内容和视频。 Adobe Flash Player中存在释放后重用漏洞。远程攻击者可利用该漏洞执行代码,控制系统。以下版本受到影响:基于Windows和Macintosh平台的Adobe Flash Player Desktop Runtime 28.0.0.137及之前的版本,基于Windows、Macintosh、Linux和Chrome OS平台的Ado
介绍
## CVE-2018-4878 POC
CVE-2018-4878 was first demonstrated being exploited in the wild by TEMP.Reaper.
This repository contains the POC we created from the analysed malware, which is known to work against 32-bit versions of Flash 27 by exploiting a Use-After-Free vulnerability.
Successful exploitation provides the attacker with a ByteArray object capable of modifying process memory.
The full breakdown of the vulnerability can be found [here](https://www.mdsec.co.uk/2018/02/adobe-flash-exploitation-then-and-now-from-cve-2015-5119-to-cve-2018-4878/).
文件快照
[4.0K] /data/pocs/d3259a131a35189f860630b8080974340199ef74
├── [4.0K] CVE-2018-4878
│ ├── [4.0K] bin
│ │ ├── [ 773] expressInstall.swf
│ │ ├── [5.0K] FlashExploit.swf
│ │ ├── [ 919] index.html
│ │ └── [4.0K] js
│ │ └── [10.0K] swfobject.js
│ ├── [2.9K] FlashExploit.as3proj
│ └── [4.0K] src
│ ├── [5.0K] Main.as
│ ├── [3.1K] Mem_Arr.as
│ ├── [1.1K] Modify.as
│ └── [1.4K] MyListener.as
└── [ 559] README.md
4 directories, 10 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。