The recent zero-day vulnerability CVE-2018-15982 in Adobe Flash Player enables attackers to perform a Remote Code Execution on targeted machines. Adobe has released a security advisory APSB18-42 on December 5, 2018 to address this issue. According to Adobe, the in-wild exploit is being used in targeted attacks.<\/p>\n
Vulnerable Versions<\/b><\/strong><\/p>\n About the vulnerability<\/b><\/strong><\/p>\n This is a Use after free vulnerability in Adobe Reader which allows attackers to perform a Remote Code Execution on targeted machines. The vulnerability allows for a maliciously crafted Flash object to execute code on a victim\u2019s computer, which enables an attacker to gain command line access to the system. After successful exploitation, attackers can take control of the vulnerable system and executes extracted malware.<\/p>\n Reportedly, the vulnerability is currently being exploited in the wild through a malicious Office document. This Office document is an initial attack vector which executes malicious Flash file. According to the advisory, the malicious office document was spread via spear-phishing attack.<\/p>\n Quick Heal <\/b><\/strong>D<\/b><\/strong>etection <\/b><\/strong><\/p>\n Quick Heal has released the following detection for the vulnerability CVE-2018-15982:<\/p>\n Quick Heal Security Labs is actively looking for new in-the-wild exploits for this vulnerability and ensuring coverage for them.<\/p>\n\n
\n