1 February 2018

Zero-day vulnerability in Adobe Flash Player

Zero-day vulnerability in Adobe Flash Player

The South Korean Computer Emergency Response Team (KR-CERT) issued a security alert warning about zero-day vulnerability in the latest version of Adobe Flash Player 28.0.0.137.

According to the South Korean security firm Hauri Inc., the exploitation was detected in mid-November 2017. The attackers used Microsoft Excel files with embedded .swf document, which contained a malicious payload.

Screenshot of the malicious document looks as follows:

As for now there are no official comments on the issue from Adobe. We will keep an eye on this vulnerability and update our advisories accordingly:

https://www.cybersecurity-help.cz/vdb/SB2018020120

https://www.zero-day.cz/database/484/

This is a second zero-day vulnerability in 2018. The first one (CVE-2018-0802) was revealed by Microsoft in January.

Back to the list

Latest Posts

Microsoft patches for June 2018

Microsoft patches for June 2018

50 vulnerabilities patched, some of them are potentially wormable.
13 June 2018
VPNFilter, attacks on routers and why external scanning is essential for security

VPNFilter, attacks on routers and why external scanning is essential for security

How to protect your router from VPNFilter and other attacks.
8 June 2018
New zero-day in Adobe Flash Player heavily exploited in the Middle East

New zero-day in Adobe Flash Player heavily exploited in the Middle East

Users in Doha and Qatar suffered from a targeted attack.
7 June 2018