Candidate: CVE-2018-4878
PublicDate: 2018-02-06 21:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4878
 https://helpx.adobe.com/security/products/flash-player/apsb18-03.html
 https://threatpost.com/adobe-flash-player-zero-day-spotted-in-the-wild/129742/
 https://www.fireeye.com/blog/threat-research/2018/02/attacks-leveraging-adobe-zero-day.html
 https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets
Description:
 A use-after-free vulnerability was discovered in Adobe Flash Player before
 28.0.0.161. This vulnerability occurs due to a dangling pointer in the
 Primetime SDK related to media player handling of listener objects. A
 successful attack can lead to arbitrary code execution. This was exploited
 in the wild in January and February 2018.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: chriscoulson
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_flashplugin-nonfree:
upstream_flashplugin-nonfree: released (28.0.0.161)
precise/esm_flashplugin-nonfree: DNE
trusty_flashplugin-nonfree: released (28.0.0.161ubuntu0.14.04.1)
trusty/esm_flashplugin-nonfree: DNE (trusty was released [28.0.0.161ubuntu0.14.04.1])
xenial_flashplugin-nonfree: released (28.0.0.161ubuntu0.16.04.1)
artful_flashplugin-nonfree: released (28.0.0.161ubuntu0.17.10.1)
devel_flashplugin-nonfree: released (28.0.0.161ubuntu1)

Patches_adobe-flashplugin:
upstream_adobe-flashplugin: released (28.0.0.161)
precise/esm_adobe-flashplugin: DNE
trusty_adobe-flashplugin: released (1:20180206.1-0ubuntu0.14.04.1)
trusty/esm_adobe-flashplugin: DNE (trusty was released [1:20180206.1-0ubuntu0.14.04.1])
xenial_adobe-flashplugin: released (1:20180206.1-0ubuntu0.16.04.1)
artful_adobe-flashplugin: released (1:20180206.1-0ubuntu0.17.10.1)
devel_adobe-flashplugin: not-affected (1:20180206.1-0ubuntu1)