CVE-2018-4878
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2018-4878
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Adobe Flash Player 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Adobe Flash Player是美国奥多比(Adobe)公司的一款跨平台、基于浏览器的多媒体播放器产品。该产品支持跨屏幕和浏览器查看应用程序、内容和视频。 Adobe Flash Player中存在释放后重用漏洞。远程攻击者可利用该漏洞执行代码,控制系统。以下版本受到影响:基于Windows和Macintosh平台的Adobe Flash Player Desktop Runtime 28.0.0.137及之前的版本,基于Windows、Macintosh、Linux和Chrome OS平台的Ado
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | Adobe Flash Player before 28.0.0.161 | Adobe Flash Player before 28.0.0.161 | - |
II. Public POCs for CVE-2018-4878
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | 备忘:flash挂马工具备份 CVE-2018-4878 | https://github.com/ydl555/CVE-2018-4878- | POC Details |
| 2 | None | https://github.com/mdsecactivebreach/CVE-2018-4878 | POC Details |
| 3 | Aggressor Script to just launch IE driveby for CVE-2018-4878 | https://github.com/hybridious/CVE-2018-4878 | POC Details |
| 4 | Aggressor Script to launch IE driveby for CVE-2018-4878 | https://github.com/vysecurity/CVE-2018-4878 | POC Details |
| 5 | CVE-2018-4878 样本 | https://github.com/KathodeN/CVE-2018-4878 | POC Details |
| 6 | Flash Exploit Poc | https://github.com/SyFi/CVE-2018-4878 | POC Details |
| 7 | CVE-2018-4878 flash 0day | https://github.com/ydl555/CVE-2018-4878 | POC Details |
| 8 | Metasploit module for CVE-2018-4878 | https://github.com/B0fH/CVE-2018-4878 | POC Details |
| 9 | None | https://github.com/Yable/CVE-2018-4878 | POC Details |
| 10 | 软件系统安全结课作业:[漏洞复现] CVE-2018-4878 Flash 0day | https://github.com/HuanWoWeiLan/SoftwareSystemSecurity-2019 | POC Details |
| 11 | None | https://github.com/lvyoshino/CVE-2018-4878 | POC Details |
| 12 | Aggressor Script to just launch IE driveby for CVE-2018-4878 | https://github.com/demonsec666/CVE-2018-4878 | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2018-4878
请登录查看更多情报信息。
- https://github.com/vysec/CVE-2018-4878x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2018-4878
Same Patch Batch · n/a · 2018-02-06 · 52 CVEs total
| CVE-2015-3618 | Nagios Business Process Intelligence 跨站脚本漏洞 | |
| CVE-2018-6569 | West Wind Web Server 安全漏洞 | |
| CVE-2018-6654 | Grammarly extension for Chrome 安全漏洞 | |
| CVE-2018-6466 | WordPress flickrRSS插件跨站脚本漏洞 | |
| CVE-2018-6469 | WordPress flickrRSS插件跨站脚本漏洞 | |
| CVE-2018-6468 | WordPress flickrRSS插件跨站脚本漏洞 | |
| CVE-2018-6467 | WordPress flickrRSS插件跨站请求伪造漏洞 | |
| CVE-2018-6656 | Z-BlogPHP 跨站请求伪造漏洞 | |
| CVE-2015-4400 | Ring video doorbells 安全漏洞 | |
| CVE-2015-3619 | Joomla! VirtueMart组件跨站脚本漏洞 | |
| CVE-2016-7394 | Tiki Wiki CMS Groupware 跨站脚本漏洞 | |
| CVE-2014-5282 | Docker 安全漏洞 | |
| CVE-2014-5280 | boot2docker 安全漏洞 | |
| CVE-2014-5279 | boot2docker 安全漏洞 | |
| CVE-2018-6389 | WordPress 安全漏洞 | |
| CVE-2017-17663 | thttpd和mini_httpd 缓冲区错误漏洞 | |
| CVE-2018-6758 | Unbit uWSGI 缓冲区错误漏洞 | |
| CVE-2016-3957 | web2py 安全漏洞 | |
| CVE-2016-3954 | web2py 安全漏洞 | |
| CVE-2016-3953 | web2py sample Web应用程序 |
Showing top 20 of 52 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8276
bettercap MySQL Server mysql_server.go integer coercion - CVE-2026-8275
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippR - CVE-2026-8270
Open5GS SMF ogs_nas_parse_qos_rules denial of service - CVE-2026-8269
Open5GS SMF smf_nsmf_handle_create_sm_context denial of serv - CVE-2026-8268
Open5GS SMF OpenAPI_list_create denial of service
V. Comments for CVE-2018-4878
No comments yet