Critical vulnerability in Adobe Flash Player 28.0.0.137 and earlier

Last Updated: 06 Feb 2018 at 22:54

UPDATE 2/6: KB4074595 Security Update for Adobe Flash Player - Feb. 6 - Windows 10 Forums

Security Advisory for Flash Player | APSA18-01

Bulletin ID Date Published Priority

APSA18-01 February 1, 2018 1

Summary

A critical vulnerability (CVE-2018-4878) exists in Adobe Flash Player 28.0.0.137 and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system.

Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email.

Adobe will address this vulnerability in a release planned for the week of February 5.

For the latest information, users may monitor the Adobe Product Security Incident Response Team blog.

Affected Product Versions

Product Version Platform

Adobe Flash Player Desktop Runtime 28.0.0.137 and earlier versions Windows, Macintosh

Adobe Flash Player for Google Chrome 28.0.0.137 and earlier versions Windows, Macintosh, Linux and Chrome OS

Adobe Flash Player for Microsoft Edge and Internet Explorer 11 28.0.0.137 and earlier versions Windows 10 and 8.1

Adobe Flash Player Desktop Runtime 28.0.0.137 and earlier versions Linux

To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right- click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

Mitigations

Beginning with Flash Player 27, administrators have the ability to change Flash Player's behavior when running on Internet Explorer on Windows 7 and below by prompting the user before playing SWF content. For more details, see this administration guide.

Administrators may also consider implementing Protected View for Office. Protected View opens a file marked as potentially unsafe in Read-only mode.

Vulnerability details

Vulnerability Category Vulnerability Impact Severity CVE Number

Use-after-free Remote Code Execution Critical CVE-2018-4878

Acknowledgments

Adobe would like to thank KrCERT/CC for reporting this issue and for working with Adobe to help protect our customers.

Source: Adobe Security Advisory

Latest Version of Adobe Flash Player - Windows 10 Forums

Posted By: Brink
03 Feb 2018

TairikuOkami

Posts : 5,452
Windows 11 Home
New 03 Feb 2018 #1
Latest beta is 28.0.0.152, not sure if it is vulnerable though.

Code:

https://labs.adobe.com/downloads/flashplayer.html
My Computer
- My Computer
Computer Type: PC/Desktop
OS: Windows 11 Home
CPU: AMD Ryzen 5 3600 with Noctua NH-U12S@700rpm (07/2019)
Motherboard: MSI B450 TOMAHAWK 7C02v1E (07/2019)
Memory: 4x 8GB ADATA XPG GAMMIX D10 DDR4 3200MHz CL16 (07/2019)
Graphics Card: MSI Radeon RX 580 ARMOR 8G OC @48FPS (08/2019)
Sound Card: Creative Sound Blaster Z (11/2016)
Monitor(s) Displays: 24" AOC G2460VQ6 (01/2019)
Screen Resolution: 1920×1080@75Hz + FreeSync (DisplayPort)
Keyboard: HP Wired Desktop 320K + Rabalux 76017 Parker
Mouse: Logitech M330 Silent Plus (04/23)
PSU: Seasonic M12II-520 80 Plus Bronze (11/2016)
Case: Lian Li PC-7NB + 3x Noctua NF-S12A FLX@700rpm (11/2016)
Hard Drives: ADATA XPG GAMMIX S11 Pro SSD 512GB (07/2019)
Internet Speed: 400/40 Mbps via RouterOS (05/2021) + TCP Optimizer
Browser: Microsoft Edge + Brave for YouTube + LibreWolf for FB
Antivirus: NoAV + Binisoft WFC + NextDNS
Other Info: Headphones: Sennheiser RS170 (09/2010)
Quote
Cliff S

Posts : 27,183
Win11 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu

New 03 Feb 2018 #2

Why don't those OneDeeTenTee's(1D10T's) just stop integrating that garbage with Win10?
My Computers
- System One
- System Two
Computer Type: PC/Desktop
System Manufacturer/Model Number: ۞ΞЖ†ԘΜΞ۞
OS: Win11 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
CPU: Intel Core i9 9900K
Motherboard: ASUS ROG Maximus X Hero
Memory: 32 GB Quad Kit, G.Skill Trident Z RGB Series schwarz, DDR4-3866, 18-19-19-39-2T
Graphics Card: ASUS GeForce RTX 3090 ROG Strix O24G, 24576 MB GDDR6X
Sound Card: (1) HD Webcam C270 (2) NVIDIA High Definition Audio (3) Realtek High Definition Audio
Monitor(s) Displays: BenQ BL2711U(4K) and a hp 27vx(1080p)
Keyboard: Trust GTX THURA
Mouse: Trust GTX 148
PSU: Corsair HX1000i High Performance ATX Power Supply 80+ Platinum
Case: Phanteks Enthoo Pro TG
Cooling: Thermaltake Floe Riing RGB TT Premium-Edition 360mm and 2x120 Phantek& Halo front, and 1x140 Phante
Hard Drives: C: Samsung 960 EVO NVMe M.2 SSD E: & O: Libraries & OneDrive-> Samsung 850 EVO 1TB D: Hyper-V VM's -> Samsung PM951 Client M.2 512Gb SSD G: System Images -> Samsung 860 Pro 2TB
Internet Speed: 25+/5+ (+usually faster)
Browser: Edge; Chrome
Antivirus: Windows Defender of course & Malwarebytes Anti-Exploit as an added layer between browser & OS
Other Info: Router: FRITZ!Box 7590 AX V2 Sound system: SHARP HT-SBW460 Dolby Atmos Soundbar Webcam: Logitech BRIO ULTRA HD PRO WEBCAM 4K webcam with HDR

Computer Type: PC/Desktop
System Manufacturer/Model Number: Hyper-V Virtual Machine
OS: Windows 10 Insider Build - Fast Ring
CPU: 8 Virtual Processors(8 threads)
Motherboard: N/A
Memory: 8192 MB - Dynamic Memory turned on
Screen Resolution: Being a VM, it depends what size I need at a given moment;)
Hard Drives: VM is on a separate internal SSD(Samsung 850 EVO SSD)
Browser: Edge, chrome
Antivirus: Defender
Other Info: Secure Boot enabled, All Integration Services are turned on, Enhanced Session Mode selected
Quote
eLPuSHeR

Posts : 2,935
Windows 10 Home x64

New 04 Feb 2018 #3

Agreed. This is the version I have. Please let Flash Player die.
My Computer
- My Computer
Computer Type: PC/Desktop
System Manufacturer/Model Number: Gigabyte
OS: Windows 10 Home x64
CPU: Intel Core i7 5960-X
Motherboard: X99-Gaming 5
Memory: 8 GB DDR4
Graphics Card: 8 GB GeForce GTX 1070 G1 Gaming (Gigabyte)
Quote
delijohn

Posts : 14
Win10

New 05 Feb 2018 #4

Go to chrome, in chrome://components/ and force the update of flash.
Latest version is the 28.0.0.161

Last edited by delijohn; 05 Feb 2018 at 03:50.
My Computer
- My Computer
Computer Type: PC/Desktop
OS: Win10
CPU: i7
Memory: 16gb
Quote
Brink

Posts : 68,987
64-bit Windows 11 Pro for Workstations
Thread Starter

New 06 Feb 2018 #5

New Adobe Flash Player WHQL 28.0.0.161 is now officially available. :)

Latest Version of Adobe Flash Player - Windows 10 Forums
My Computers
- System One
- System Two
Computer Type: PC/Desktop
System Manufacturer/Model Number: Custom self built
OS: 64-bit Windows 11 Pro for Workstations
CPU: Intel i7-8700K 5 GHz
Motherboard: ASUS ROG Maximus XI Formula Z390
Memory: 64 GB (4x16GB) G.SKILL TridentZ RGB DDR4 3600 MHz (F4-3600C18D-32GTZR)
Graphics Card: ASUS ROG-STRIX-GTX1080TI-O11G-GAMING
Sound Card: Integrated Digital Audio (S/PDIF)
Monitor(s) Displays: 2 x Samsung Odyssey G75 27"
Screen Resolution: 2560x1440
Keyboard: Logitech wireless K800
Mouse: Logitech MX Master 3
PSU: Seasonic Prime Titanium 850W
Case: Thermaltake Core P3 wall mounted
Cooling: Corsair Hydro H115i
Hard Drives: 1TB Samsung 990 PRO M.2, 4TB Samsung 990 PRO PRO M.2, 8TB WD MyCloudEX2Ultra NAS
Internet Speed: 1 Gbps Download and 35 Mbps Upload
Browser: Google Chrome
Antivirus: Windows Defender and Malwarebytes Premium
Other Info: Logitech Z625 speaker system, Logitech BRIO 4K Pro webcam, HP Color LaserJet Pro MFP M477fdn, APC SMART-UPS RT 1000 XL - SURT1000XLI, Galaxy S23 Plus phone

View my PC Album

Computer Type: Laptop
System Manufacturer/Model Number: HP Spectre x360 2in1
OS: 64-bit Windows 10 Pro build 21390
CPU: i7-1065G7 3.9 GHz
Memory: 16 GB LPDDR4-3200
Graphics Card: Intel Iris Plus
Sound Card: Intel SST
Monitor(s) Displays: 13.3" 4K UWVA AMOLED multitouch
Screen Resolution: 3840 x 2160
Hard Drives: 512 GB PCIe NVMe M.2 SSD
Browser: Google Chrome
Antivirus: Windows Defender and Malwarebytes Premium
Quote
ThrashZone

Posts : 7,724
3-Win-7Prox64 3-Win10Prox64 3-LinuxMint20.2

New 06 Feb 2018 #6

Hi,
Yeah got to love any updates to flash in 10
MS always resets everything to default enabling everything again

I forget what win-10 apps actually use this crapware beside "edge of the cliff" no pun intended @Cliff
My Computers
- System One
- System Two
Computer Type: PC/Desktop
System Manufacturer/Model Number: Custom assembled by me :}
OS: 3-Win-7Prox64 3-Win10Prox64 3-LinuxMint20.2
CPU: i9-10900k with Optimus foundation water block
Motherboard: ASUS z490 ROG XII Maximus Apex
Memory: Trident-Z Royal 4000C16 2x16gb's
Graphics Card: Titan Xp with copper water block
Sound Card: Built in RealTek with Insignia 2.0 soundbar HSB318
Monitor(s) Displays: 1-AOC G2460PG 24"G-Sync 144Hz/ 2nd 1-ASUS VG248QE 24" 144Hz
Screen Resolution: 1920 x 1080 144Hz
Keyboard: Logitech G710+ wired
Mouse: 2-RedDragon M901 Perdition 16400 dpi Gaming mouse = wired
PSU: EVGA SuperNOVA 1000wP2 80+ PLATINUM
Case: 2-Corsair 450D case with 2nd floor for radiator
Cooling: D5 combo/ 280ce/ built in VRM copper/ 240GTX/ D5 top/ CPU Plexi copper/ GPU Plexi nickle/ Mora 360
Hard Drives: 1-970 evo 500gb M.2/ 2-850 Pro 256gb/ 2-Samsung 850 EVO 500GB SSD's/ 2-2.5 W.D. Black 750gb/3-3.5 WD Black 1tb hdd's
Internet Speed: Comcast Ping 19ms 179.31mbps download speed 6.12mbps upload
Browser: PaleMoon & Firefox
Antivirus: Malwarebytes Pro

View my PC Album

Computer Type: PC/Desktop
System Manufacturer/Model Number: Custom assembled by me :}
OS: Win-7-Prox64 10pro
CPU: i9-9940x with Optimus SigV2 water block & Heatkiller VRM Plexi copper water block
Motherboard: Asus x299 Rampage VI Apex
Memory: Trident Z 3600C16 4x8gb's F4-3600C16Q-32GTZKK
Graphics Card: 1080ti FTW3 with water block
Sound Card: Built in Realtek HD with Insignia 2.0 soundbar HSB318
Monitor(s) Displays: ASUS VG248QE 24" 144Hz
Screen Resolution: 1920x1080
Keyboard: Logitech G910 Orion Spectrum
Mouse: RedDragon M901 Perdition 16400 dpi Gaming mouse = wired
PSU: EVGA SuperNova 1200wP2 Platinum
Case: Corsair 450D Black with 2nd floor to house radiator
Cooling: D5 reservoir combo/ 280GTX/ VRM plexi copper/ 280GTX/ D5 top/ CPU plexi copper/ GPU copper/ Mora 360
Hard Drives: 1-970 Evo Plus M.2 500gb/ 850 Pro 256gb/ 2-860 Pro 250gb/ Samsung 850 Pro 256gb/ several Western digital 1tb & 750gb hdd's couple Samsung 500gb evo's
Browser: Palemoon/ Firefox
Antivirus: mbam premium

View my 2nd PC Album
Quote
reddice

Posts : 622
Windows 10 Pro x64

New 06 Feb 2018 #7

I disable flash and only enable it site by site. Some sites like Disney require crapFlash.
My Computer
- My Computer
Computer Type: PC/Desktop
System Manufacturer/Model Number: CyberPower
OS: Windows 10 Pro x64
Memory: 16 GB
Graphics Card: Nvidia GeForce GTX 1060 3GB
Sound Card: SoundBlaster Z
Screen Resolution: 2560x1440
Internet Speed: 200 mbps
Quote
Farvatten

Posts : 915
Windows 10 Pro 64bit 22H2 19045.3324

New 06 Feb 2018 #8

KB4074595 - Flash v. 28.0.0.161 just arrived on WU

KB4074595 Security Update for Adobe Flash Player - Feb. 6 - Windows 10 Forums

Last edited by Brink; 06 Feb 2018 at 22:26. Reason: added link
My Computers
- System One
- System Two
Computer Type: PC/Desktop
System Manufacturer/Model Number: Dell XPS 8500
OS: Windows 10 Pro 64bit 22H2 19045.3324
CPU: Intel Core i5-3450 CPU@ 3.10GHz
Memory: 8.00 GB
Graphics Card: Nvidia GeForce GT 640
Other Info: Macrium 8.0.6560

Computer Type: Laptop
System Manufacturer/Model Number: Dell Inspiron 5559
OS: Windows 11 Home 64bit 22H2 22621.2134
CPU: Intel Core i5-6200U CPU@ 2.40GHz
Memory: 8Gb
Other Info: Macrium 8.0.6979
Quote

Subscribe to Thread

Related Discussions

Our Sites

Site Links

About Us

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 19:23.

Find Us

Bulletin ID	Date Published	Priority
APSA18-01	February 1, 2018	1

Product	Version	Platform
Adobe Flash Player Desktop Runtime	28.0.0.137 and earlier versions	Windows, Macintosh
Adobe Flash Player for Google Chrome	28.0.0.137 and earlier versions	Windows, Macintosh, Linux and Chrome OS
Adobe Flash Player for Microsoft Edge and Internet Explorer 11	28.0.0.137 and earlier versions	Windows 10 and 8.1
Adobe Flash Player Desktop Runtime	28.0.0.137 and earlier versions	Linux

Vulnerability Category	Vulnerability Impact	Severity	CVE Number
Use-after-free	Remote Code Execution	Critical	CVE-2018-4878

Critical vulnerability in Adobe Flash Player 28.0.0.137 and earlier

Critical vulnerability in Adobe Flash Player 28.0.0.137 and earlier

KB4074595 - Flash v. 28.0.0.161 just arrived on WU