Think you have a false positive on this rule?

Sid 1-45595

Message

FILE-FLASH Adobe PSDK DRM Manager memory corruption attempt

Summary

This event is generated when an attempt to Exploit CVE-2018-4878

Impact

Attempted User Privilege Gain

CVE-2018-4878:

CVSS base score 9.8

CVSS impact score 5.9

CVSS exploitability score 3.9

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Detailed information

CVE-2018-4878: A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.

Affected systems

  • adobe flash_player -
  • adobe flash_player 2
  • adobe flash_player 3
  • adobe flash_player 4
  • adobe flash_player 5
  • adobe flash_player 6
  • adobe flash_player 6.0.21.0
  • adobe flash_player 6.0.79
  • adobe flash_player 7
  • adobe flash_player 7.0
  • adobe flash_player 7.0.1
  • adobe flash_player 7.0.14.0
  • adobe flash_player 7.0.19.0
  • adobe flash_player 7.0.24.0
  • adobe flash_player 7.0.25
  • adobe flash_player 7.0.53.0
  • adobe flash_player 7.0.60.0
  • adobe flash_player 7.0.61.0
  • adobe flash_player 7.0.63
  • adobe flash_player 7.0.66.0
  • adobe flash_player 7.0.67.0
  • adobe flash_player 7.0.68.0
  • adobe flash_player 7.0.69.0
  • adobe flash_player 7.0.70.0
  • adobe flash_player 7.0.73.0
  • adobe flash_player 7.1
  • adobe flash_player 7.1.1
  • adobe flash_player 7.2
  • adobe flash_player 8
  • adobe flash_player 8.0
  • adobe flash_player 8.0.22.0
  • adobe flash_player 8.0.24.0
  • adobe flash_player 8.0.33.0
  • adobe flash_player 8.0.34.0
  • adobe flash_player 8.0.35.0
  • adobe flash_player 8.0.39.0
  • adobe flash_player 8.0.42.0
  • adobe flash_player 9
  • adobe flash_player 9.0
  • adobe flash_player 9.0.8.0
  • adobe flash_player 9.0.9.0
  • adobe flash_player 9.0.16
  • adobe flash_player 9.0.18d60
  • adobe flash_player 9.0.20
  • adobe flash_player 9.0.20.0
  • adobe flash_player 9.0.28
  • adobe flash_player 9.0.28.0
  • adobe flash_player 9.0.31
  • adobe flash_player 9.0.31.0
  • adobe flash_player 9.0.45.0
  • adobe flash_player 9.0.47.0
  • adobe flash_player 9.0.48.0
  • adobe flash_player 9.0.112.0
  • adobe flash_player 9.0.114.0
  • adobe flash_player 9.0.115.0
  • adobe flash_player 9.0.124.0
  • adobe flash_player 9.0.125.0
  • adobe flash_player 9.0.151.0
  • adobe flash_player 9.0.152.0
  • adobe flash_player 9.0.155.0
  • adobe flash_player 9.0.159.0
  • adobe flash_player 9.0.246.0
  • adobe flash_player 9.0.260.0
  • adobe flash_player 9.0.262.0
  • adobe flash_player 9.0.277.0
  • adobe flash_player 9.0.280
  • adobe flash_player 9.0.283.0
  • adobe flash_player 9.125.0
  • adobe flash_player 10
  • adobe flash_player 10.0.0.584
  • adobe flash_player 10.0.2.54
  • adobe flash_player 10.0.12.10
  • adobe flash_player 10.0.12.36
  • adobe flash_player 10.0.15.3
  • adobe flash_player 10.0.22.87
  • adobe flash_player 10.0.32.18
  • adobe flash_player 10.0.42.34
  • adobe flash_player 10.0.45.2
  • adobe flash_player 10.1
  • adobe flash_player 10.1.52.14
  • adobe flash_player 10.1.52.14.1
  • adobe flash_player 10.1.52.15
  • adobe flash_player 10.1.53.64
  • adobe flash_player 10.1.82.76
  • adobe flash_player 10.1.85.3
  • adobe flash_player 10.1.92.8
  • adobe flash_player 10.1.92.10
  • adobe flash_player 10.1.95.1
  • adobe flash_player 10.1.95.2
  • adobe flash_player 10.1.102.64
  • adobe flash_player 10.1.105.6
  • adobe flash_player 10.1.106.16
  • adobe flash_player 10.1.106.17
  • adobe flash_player 10.2.152
  • adobe flash_player 10.2.152.26
  • adobe flash_player 10.2.152.32
  • adobe flash_player 10.2.152.33
  • adobe flash_player 10.2.153.1
  • adobe flash_player 10.2.154.13
  • adobe flash_player 10.2.154.25
  • adobe flash_player 10.2.156.12
  • adobe flash_player 10.2.157.51
  • adobe flash_player 10.2.159.1
  • adobe flash_player 10.3.181.14
  • adobe flash_player 10.3.181.16
  • adobe flash_player 10.3.181.22
  • adobe flash_player 10.3.181.23
  • adobe flash_player 10.3.181.26
  • adobe flash_player 10.3.181.34
  • adobe flash_player 10.3.183.5
  • adobe flash_player 10.3.183.7
  • adobe flash_player 10.3.183.10
  • adobe flash_player 10.3.183.11
  • adobe flash_player 10.3.183.15
  • adobe flash_player 10.3.183.16
  • adobe flash_player 10.3.183.18
  • adobe flash_player 10.3.183.19
  • adobe flash_player 10.3.183.20
  • adobe flash_player 10.3.183.23
  • adobe flash_player 10.3.183.25
  • adobe flash_player 10.3.183.29
  • adobe flash_player 10.3.183.43
  • adobe flash_player 10.3.183.48
  • adobe flash_player 10.3.183.50
  • adobe flash_player 10.3.183.51
  • adobe flash_player 10.3.183.61
  • adobe flash_player 10.3.183.63
  • adobe flash_player 10.3.183.67
  • adobe flash_player 10.3.183.68
  • adobe flash_player 10.3.183.75
  • adobe flash_player 10.3.183.86
  • adobe flash_player 10.3.185.22
  • adobe flash_player 10.3.185.24
  • adobe flash_player 10.3.186.3
  • adobe flash_player 10.3.186.6
  • adobe flash_player 10.3.186.7
  • adobe flash_player 11.0
  • adobe flash_player 11.0.1.152
  • adobe flash_player 11.0.1.153
  • adobe flash_player 11.1
  • adobe flash_player 11.1.102.55
  • adobe flash_player 11.1.102.59
  • adobe flash_player 11.1.102.62
  • adobe flash_player 11.1.102.63
  • adobe flash_player 11.1.111.8
  • adobe flash_player 11.1.111.44
  • adobe flash_player 11.1.111.50
  • adobe flash_player 11.1.111.54
  • adobe flash_player 11.1.111.64
  • adobe flash_player 11.1.111.73
  • adobe flash_player 11.1.115.7
  • adobe flash_player 11.1.115.34
  • adobe flash_player 11.1.115.48
  • adobe flash_player 11.1.115.54
  • adobe flash_player 11.1.115.58
  • adobe flash_player 11.1.115.59
  • adobe flash_player 11.1.115.63
  • adobe flash_player 11.1.115.69
  • adobe flash_player 11.1.115.81
  • adobe flash_player 11.2.202.223
  • adobe flash_player 11.2.202.228
  • adobe flash_player 11.2.202.233
  • adobe flash_player 11.2.202.235
  • adobe flash_player 11.2.202.236
  • adobe flash_player 11.2.202.238
  • adobe flash_player 11.2.202.243
  • adobe flash_player 11.2.202.251
  • adobe flash_player 11.2.202.258
  • adobe flash_player 11.2.202.261
  • adobe flash_player 11.2.202.262
  • adobe flash_player 11.2.202.270
  • adobe flash_player 11.2.202.273
  • adobe flash_player 11.2.202.275
  • adobe flash_player 11.2.202.280
  • adobe flash_player 11.2.202.285
  • adobe flash_player 11.2.202.291
  • adobe flash_player 11.2.202.297
  • adobe flash_player 11.2.202.310
  • adobe flash_player 11.2.202.327
  • adobe flash_player 11.2.202.332
  • adobe flash_player 11.2.202.335
  • adobe flash_player 11.2.202.336
  • adobe flash_player 11.2.202.341
  • adobe flash_player 11.2.202.346
  • adobe flash_player 11.2.202.350
  • adobe flash_player 11.2.202.356
  • adobe flash_player 11.2.202.359
  • adobe flash_player 11.2.202.378
  • adobe flash_player 11.2.202.394
  • adobe flash_player 11.2.202.411
  • adobe flash_player 11.2.202.418
  • adobe flash_player 11.2.202.424
  • adobe flash_player 11.2.202.425
  • adobe flash_player 11.2.202.429
  • adobe flash_player 11.2.202.438
  • adobe flash_player 11.2.202.440
  • adobe flash_player 11.2.202.442
  • adobe flash_player 11.2.202.451
  • adobe flash_player 11.2.202.460
  • adobe flash_player 11.2.202.466
  • adobe flash_player 11.2.202.468
  • adobe flash_player 11.2.202.475
  • adobe flash_player 11.2.202.491
  • adobe flash_player 11.2.202.535
  • adobe flash_player 11.2.202.548
  • adobe flash_player 11.2.202.554
  • adobe flash_player 11.2.202.559
  • adobe flash_player 11.2.202.569
  • adobe flash_player 11.2.202.577
  • adobe flash_player 11.2.202.626
  • adobe flash_player 11.2.202.632
  • adobe flash_player 11.2.202.637
  • adobe flash_player 11.3.300.257
  • adobe flash_player 11.3.300.262
  • adobe flash_player 11.3.300.265
  • adobe flash_player 11.3.300.268
  • adobe flash_player 11.3.300.270
  • adobe flash_player 11.3.300.271
  • adobe flash_player 11.3.300.273
  • adobe flash_player 11.4.402.265
  • adobe flash_player 11.4.402.278
  • adobe flash_player 11.4.402.287
  • adobe flash_player 11.5.502.110
  • adobe flash_player 11.5.502.135
  • adobe flash_player 11.5.502.136
  • adobe flash_player 11.5.502.146
  • adobe flash_player 11.5.502.149
  • adobe flash_player 11.6.602.167
  • adobe flash_player 11.6.602.168
  • adobe flash_player 11.6.602.171
  • adobe flash_player 11.6.602.180
  • adobe flash_player 11.7.700.169
  • adobe flash_player 11.7.700.202
  • adobe flash_player 11.7.700.203
  • adobe flash_player 11.7.700.224
  • adobe flash_player 11.7.700.225
  • adobe flash_player 11.7.700.232
  • adobe flash_player 11.7.700.242
  • adobe flash_player 11.7.700.252
  • adobe flash_player 11.7.700.257
  • adobe flash_player 11.7.700.260
  • adobe flash_player 11.7.700.261
  • adobe flash_player 11.7.700.269
  • adobe flash_player 11.7.700.272
  • adobe flash_player 11.7.700.275
  • adobe flash_player 11.7.700.279
  • adobe flash_player 11.8.800.94
  • adobe flash_player 11.8.800.97
  • adobe flash_player 11.8.800.168
  • adobe flash_player 11.9.900.117
  • adobe flash_player 11.9.900.152
  • adobe flash_player 11.9.900.170
  • adobe flash_player 12.0.0.38
  • adobe flash_player 12.0.0.41
  • adobe flash_player 12.0.0.43
  • adobe flash_player 12.0.0.44
  • adobe flash_player 12.0.0.70
  • adobe flash_player 12.0.0.77
  • adobe flash_player 13.0.0.182
  • adobe flash_player 13.0.0.201
  • adobe flash_player 13.0.0.206
  • adobe flash_player 13.0.0.214
  • adobe flash_player 13.0.0.223
  • adobe flash_player 13.0.0.231
  • adobe flash_player 13.0.0.250
  • adobe flash_player 13.0.0.252
  • adobe flash_player 13.0.0.258
  • adobe flash_player 13.0.0.260
  • adobe flash_player 13.0.0.262
  • adobe flash_player 13.0.0.264
  • adobe flash_player 13.0.0.289
  • adobe flash_player 13.0.0.292
  • adobe flash_player 14.0.0.125
  • adobe flash_player 14.0.0.145
  • adobe flash_player 15.0.0.189
  • adobe flash_player 15.0.0.239
  • adobe flash_player 16.0.0.234
  • adobe flash_player 16.0.0.257
  • adobe flash_player 16.0.0.287
  • adobe flash_player 16.0.0.296
  • adobe flash_player 16.0.0.305
  • adobe flash_player 17.0.0.134
  • adobe flash_player 17.0.0.169
  • adobe flash_player 17.0.0.188
  • adobe flash_player 18.0.0.161
  • adobe flash_player 18.0.0.194
  • adobe flash_player 18.0.0.209
  • adobe flash_player 18.0.0.261
  • adobe flash_player 18.0.0.268
  • adobe flash_player 18.0.0.324
  • adobe flash_player 18.0.0.326
  • adobe flash_player 18.0.0.333
  • adobe flash_player 18.0.0.343
  • adobe flash_player 18.0.0.352
  • adobe flash_player 18.0.0.360
  • adobe flash_player 18.0.0.366
  • adobe flash_player 19.0.0.185
  • adobe flash_player 19.0.0.207
  • adobe flash_player 19.0.0.226
  • adobe flash_player 19.0.0.245
  • adobe flash_player 20.0.0.228
  • adobe flash_player 20.0.0.235
  • adobe flash_player 20.0.0.286
  • adobe flash_player 20.0.0.306
  • adobe flash_player 21.0.0.97
  • adobe flash_player 21.0.0.213
  • adobe flash_player 21.0.0.226
  • adobe flash_player 21.0.0.242
  • adobe flash_player 22.0.0.192
  • adobe flash_player 22.0.0.211
  • adobe flash_player 23.0.0.185
  • adobe flash_player 23.0.0.207
  • adobe flash_player 24.0.0.186
  • adobe flash_player 24.0.0.194
  • adobe flash_player 24.0.0.221
  • adobe flash_player 26.0.0.137
  • redhat enterpriselinuxdesktop 6.0
  • redhat enterpriselinuxserver 6.0
  • redhat enterpriselinuxworkstation 6.0

Ease of attack

CVE-2018-4878:

Access Vector

Access Complexity

Authentication

False positives

None Known

False negatives

None Known

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • helpx.adobe.com/security/products/flash-player/apsb18-03.html