Zero-day vulnerability in Adobe Flash Player


Vulnerability exploitation was spotted by several security companies. The attack was detected on November 29, 2018 and seems to be executed by a Ukrainian APT group UA-APT.

360 Core Security dubbed the attack "Operation Poison Needles".

Vulnerability details

Advisory: SB2018120508 - Multiple vulnerabilities in Adobe Flash Player

Vulnerable component: Adobe Flash Player

CVE-ID: CVE-2018-15982

CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C

CWE-ID: CWE-416 - Use After Free


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing SWF files. A remote attacker can create a specially crafted .swf file, trick the victim to open it and execute arbitrary code on system with privileges of the current user.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note: this vulnerability is being exploited in the wild.

Known APT campaigns:

Operation Poison Needles

A targeted attack against Russian medical institution FSBI тАЬPolyclinic No.2тАЭ, affiliated to the Presidential Administration of Russia. The attack was spotted on the evening of November 29, 2018 by several threat intelligence companies.

A Microsoft Word document with embedded exploit for zero-day vulnerability was uploaded to VirusTotal from a Ukrainian IP address.