

Windows 7: Critical vulnerability in Adobe Flash Player 28.0.0.137 and earlier

03 Feb 2018   #1
Brink

64-bit Windows 10 Pro
 
 
Critical vulnerability in Adobe Flash Player 28.0.0.137 and earlier

Quote:
Security Advisory for Flash Player | APSA18-01

Bulletin ID: APSA18-01

Date Published: February 1, 2018

Priority: 1

Summary

A critical vulnerability (CVE-2018-4878) exists in Adobe Flash Player 28.0.0.137 and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system.

Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email.

Adobe will address this vulnerability in a release planned for the week of February 5.

For the latest information, users may monitor the Adobe Product Security Incident Response Team blog.

Affected Product Versions

Product: Adobe Flash Player Desktop Runtime
Version: 28.0.0.137 and earlier versions
Platform: Windows, Macintosh

Product: Adobe Flash Player for Google Chrome
Version: 28.0.0.137 and earlier versions
Platform: Windows, Macintosh, Linux and Chrome OS

Product: Adobe Flash Player for Microsoft Edge and Internet Explorer 11
Version: 28.0.0.137 and earlier versions
Platform: Windows 10 and 8.1

Product: Adobe Flash Player Desktop Runtime
Version: 28.0.0.137 and earlier versions
Platform: Linux

To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

Mitigations

Beginning with Flash Player 27, administrators have the ability to change Flash Player's behavior when running on Internet Explorer on Windows 7 and below by prompting the user before playing SWF content. For more details, see this administration guide.

Administrators may also consider implementing Protected View for Office. Protected View opens a file marked as potentially unsafe in Read-only mode.

Vulnerability details

Vulnerability Category: Use-after-free

Vulnerability Impact: Remote Code Execution

Severity: Critical

CVE Number: CVE-2018-4878


Acknowledgments

Adobe would like to thank KrCERT/CC for reporting this issue and for working with Adobe to help protect our customers.


Source: Adobe Security Advisory


Latest Version of Adobe Flash Player - Windows 10 Forums


03 Feb 2018   #2
Ranger4

Windows 7 Home Premium 64 bit sp1
 
 

I looked for the Adobe Flash player update in Browsers & Mail, where it usually is & was surprised there was no mention. So I clicked on Brink's link to Windows 10 Forums & then clicked on the link to "Adobe Flash Player - Downloads" & downloaded & installed Adobe Flash Player version 28.0.0.137 for IE11 & for Chrome & Opera to suit the browsers I use.
03 Feb 2018   #3
lehnerus2000

W7 Ultimate SP1, LM18.3 MATE, W10 Home, #All 64 bit
 
 

Quote: Originally Posted by Ranger4
I looked for the Adobe Flash player update in Browsers & Mail, where it usually is & was surprised there was no mention. So I clicked on Brink's link to Windows 10 Forums & then clicked on the link to "Adobe Flash Player - Downloads" & downloaded & installed Adobe Flash Player version 28.0.0.137 for IE11 & for Chrome & Opera to suit the browsers I use.
Adobe Flash Player v28.0.0.137 has the vulnerability.
Quote:
A critical vulnerability (CVE-2018-4878) exists in Adobe Flash Player 28.0.0.137 and earlier versions. Successful exploitation could potentially allow an attacker to take control of the affected system.
https://helpx.adobe.com/security/pro...apsa18-01.html
They haven't released a fixed version yet.

03 Feb 2018   #4
Ranger4

Windows 7 Home Premium 64 bit sp1
 
 

Thanks for that & I stand corrected, my mistake.

Hopefully a fix will come through very soon.
04 Feb 2018   #5
Lenms

Windows 7 Professional x64
 
 

Any effect on Firefox 57+ ?

Thanks,
Lenms
04 Feb 2018   #6
lehnerus2000

W7 Ultimate SP1, LM18.3 MATE, W10 Home, #All 64 bit
 
 

Quote: Originally Posted by Lenms
Any effect on Firefox 57+ ?
You'll potentially be vulnerable to the Flash issue if you have Flash installed. :)

Script Blockers may protect you by blocking Flash, but if you enable Flash "all bets are off".
05 Feb 2018   #7
Anak

Microsoft Community Contributor Award Recipient

Win 7 Home Premium 64bit Ver 6.1.7600 Build 7601 - SP1
 
 

I had the checkmark next to Block dangerous and intrusive Flash content checked and set to always ask but since this newest security hole I've set it to never activate.
  • FF v58.0.1 Tools >Options >Plugins
06 Feb 2018   #8
BrightBlessings

Win7 Pro-64 Bit
 
 

Version 28.0.0.161 Available

Offline installers

IE: http://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe

Firefox: http://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
06 Feb 2018   #9
Anak

Microsoft Community Contributor Award Recipient

Win 7 Home Premium 64bit Ver 6.1.7600 Build 7601 - SP1
 
 

Thanks BrightBlessings,

I'll keep updating just in case there's a site that hasn't changed over to HTML5, Canvas and CSS3, but I'm going to leave them both deactivated. I'm finding more and more that I don't need flash.

btw..Check your settings for add-ons. The update changed my never activate to ask to activate.
06 Feb 2018   #10
Brink

64-bit Windows 10 Pro
 
 

New Adobe Flash Player WHQL 28.0.0.161 is now officially available. :)

Latest Version of Adobe Flash Player - Windows 7 Help Forums
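
Added example (not part of the advisory or of any post above): the per-browser version check the advisory asks for, run over a small inventory, using the two version numbers named in this thread (28.0.0.137 as the last affected release, 28.0.0.161 as the update). The inventory lines, host names, the `host|browser|version` layout and the comma-separated version form are constructed assumptions.

```python
import re

# From the thread: APSA18-01 lists 28.0.0.137 and earlier as affected;
# posts #8 and #10 report 28.0.0.161 as the updated release.
LAST_AFFECTED = (28, 0, 0, 137)
UPDATED = (28, 0, 0, 161)

# Constructed sample inventory: one line per installed Flash copy, because
# each browser carries its own copy and has to be checked separately.
SAMPLE_INVENTORY = """\
pc-01|Internet Explorer 11 (ActiveX)|28.0.0.137
pc-01|Firefox (NPAPI)|28.0.0.161
pc-02|Chrome (PPAPI)|28,0,0,126
pc-03|Opera (PPAPI)|27.0.0.187
pc-04|Firefox (NPAPI)|not installed
"""

def parse_version(text):
    """Parse '28.0.0.137' (or the assumed comma form '28,0,0,137') into ints."""
    parts = re.split(r"[.,]", text.strip())
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part Flash version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(version_text):
    """Return 'affected', 'updated' or 'unknown' for one reported version."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"
    # Compare as integer tuples: as strings, '28.0.0.99' sorts after '28.0.0.137'.
    if version <= LAST_AFFECTED:
        return "affected"
    return "updated" if version >= UPDATED else "unknown"

def triage(inventory_text):
    """Return {(host, browser): status} with one entry per installed copy."""
    results = {}
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, browser, version = (field.strip() for field in line.split("|"))
        results[(host, browser)] = classify(version)
    return results

def affected_hosts(inventory_text):
    """Hosts with at least one browser still on an affected Flash version."""
    return sorted({host for (host, _), status in triage(inventory_text).items()
                   if status == "affected"})

if __name__ == "__main__":
    print(affected_hosts(SAMPLE_INVENTORY))
```

A host counts as affected if any one of its browsers still carries an affected copy, which is why pc-01 is flagged even though its Firefox plugin is already updated.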