APSA18-01 Security Advisory for Adobe Flash Player on 02 Feb. 2018

APSA18-01 Security Advisory for Adobe Flash Player on 02 Feb. 2018

APSA18-01 Security Advisory for Adobe Flash Player が更新されました。最新の更新プログラムが配信されていない状況で、Security Advisory だけが更新、改訂されるのは異例の状況です。

十分な注意をして下さい。最新の更新プログラムが配信されるまでは、メールに添付されているファイルを開かない、さらにAdobe Flash Player を無効にするなどの対策が必要です。

APSA18-01 Security Advisory for Adobe Flash Player

Adobe Security Bulletin

Bulletin ID APSB18-01
Date Published February 1, 2018
Priority 1

Summary

A critical vulnerability (CVE-2018-4878) exists in Adobe Flash Player 28.0.0.137 and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system.

Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email.

Adobe will address this vulnerability in a release planned for the week of February 5.

Vulnerability Category Use-after-free
Vulnerability Impact Remote Code Execution
Severity Critical
CVE Numbers CVE-2018-4878

Security Advisory for Adobe Flash Player

A Security Advisory (APSA18-01) has been published regarding a critical vulnerability (CVE-2018-4878) in Adobe Flash Player. Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email.

Adobe will address this vulnerability in a release planned for the week of February 5.

A Security Bulletin (APSB18-01) has been published regarding security updates for Adobe Flash Player. These updates address an important out-of-bounds read vulnerability that could lead to information disclosure, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin.

  • 実験、検証環境
  • The environment of confirmation and experiment
  • Windows XP Pro SP3 x86 : ASUS P5W-DH-DX, ASUS P5QL-E
  • Windows 7 Pro sp1 x86 : ASUS P8Z77-M Pro, HP ProBook 5310m : Strict No_GWX
  • Windows 8.1 Pro x64 : 富士通 (Fujitsu) LifeBook S762/F, P772/G : Strict No_GWX
  • Windows 10 Pro x64 : 富士通 (Fujitsu) LifeBook S762/F
  • Strict No_GWX : Windows 10の広告、遠隔診断を取り除いた機体用

Issued by Volitional Engineering
( winveg.com ) on 02 Feb. 2017

Pocket