CVE-2018-4878 PoC — Adobe Flash Player 安全漏洞

Source

https://github.com/KathodeN/CVE-2018-4878

Associated Vulnerability

Title:Adobe Flash Player 安全漏洞 (CVE-2018-4878)
Description:A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.

Description

CVE-2018-4878 样本

Readme

## CVE-2018-4878样本

样本来源：https://github.com/brianwrf/CVE-2017-4878-Samples

分析报告：http://blog.talosintelligence.com/2018/02/group-123-goes-wild.html

python脚本中exploit来源：https://github.com/vysec/CVE-2018-4878

**cve-2018-4878.py**为exploit生成脚本，shellcode用metasploit生成，默认的为**Windows弹计算器的payload**。

exploit.swf和index.html为cve-2018-4878.py生成的利用页面。

File Snapshot


 [4.0K]  /data/pocs/a4c87e5e2464f30dd7a10a98b70e9db49093055f
├── [119K]  cve-2018-4878.py
├── [6.8K]  CVE-2018-4878.swf
├── [123K]  CVE-2018-4878.xls
├── [218K]  exploit.swf
├── [ 446]  index.html
└── [ 437]  README.md

0 directories, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!