1 February 2018

Zero-day vulnerability in Adobe Flash Player

Zero-day vulnerability in Adobe Flash Player

The South Korean Computer Emergency Response Team (KR-CERT) issued a security alert warning about zero-day vulnerability in the latest version of Adobe Flash Player 28.0.0.137.

According to the South Korean security firm Hauri Inc., the exploitation was detected in mid-November 2017. The attackers used Microsoft Excel files with embedded .swf document, which contained a malicious payload.

Screenshot of the malicious document looks as follows:

As for now there are no official comments on the issue from Adobe. We will keep an eye on this vulnerability and update our advisories accordingly:

https://www.cybersecurity-help.cz/vdb/SB2018020120

https://www.zero-day.cz/database/484/

This is a second zero-day vulnerability in 2018. The first one (CVE-2018-0802) was revealed by Microsoft in January.

Back to the list

Latest Posts

Remote code execution in NetBSD – nasty and potentially wormable bug

Remote code execution in NetBSD – nasty and potentially wormable bug

NetBSD users are advised to install patched ASAP.
12 February 2018
Zero-day vulnerability in Adobe Flash Player

Zero-day vulnerability in Adobe Flash Player

Second zero-day this year. No remedy available.
1 February 2018
Jackpotting: Weird Attack On ATM

Jackpotting: Weird Attack On ATM

Jackpotting requires not only technical skills and great coordination but also acting skills, audacity and composure.
30 January 2018