Zero-day vulnerability in Adobe Flash Player

Vulnerability exploitation was spotted by several security companies. The attack was detected on November 29, 2018 and seems to be executed by a Ukrainian APT group UA-APT.

360 Core Security dubbed the attack "Operation Poison Needles".

Advisory: SB2018120508 - Multiple vulnerabilities in Adobe Flash Player

Vulnerable component: Adobe Flash Player

CVE-ID: CVE-2018-15982

CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C

CWE-ID: CWE-416 - Use After Free

Description:

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing SWF files. A remote attacker can create a specially crafted .swf file, trick the victim to open it and execute arbitrary code on system with privileges of the current user.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note: this vulnerability is being exploited in the wild.

Operation Poison Needles

A targeted attack against Russian medical institution FSBI “Polyclinic No.2”, affiliated to the Presidential Administration of Russia. The attack was spotted on the evening of November 29, 2018 by several threat intelligence companies.

A Microsoft Word document with embedded exploit for zero-day vulnerability was uploaded to VirusTotal from a Ukrainian IP address.

External links: