NA

CVE-2018-15982

Vulnerability Trend

Github Repositories

penetration tools Twitter: @Hktalent3135773 ||| ||| how install # mac os brew install node # linux apt install nodejs node yum install nodejs node mkdir ~/safe && cd ~/safe git clone https://github.com/hktalent/myhktools.git cd myhktools sh ./install.sh node checkUrl.js -h New features # how use exploit CVE-2018-15982 ? py2 tools/replaceBin.py

CVE-2018-15982_PoC CVE-2018-15982_PoC

Adobe Flash CVE-2018-15982 Script to dynamically create swf payload. The script creates a swf payload which is based off of the PoC payload from https://github.com/smgorelik/Windows-RCE-exploits. The vulnerability is a use-after-free flaw enabling arbitrary code-execution in Flash. More information can be found here. https://threatpost.com/adobe-patches-zero-day-vulnerability

CVE-2018-15982_EXP Usage msfvenom -p windows/exec cmd=notepad.exe -f raw > 86.bin msfvenom -p windows/x64/exec cmd=notepad.exe -f raw > 64.bin python CVE_2018_15982.py -i 86.bin -I 64.bin output exp.swf and index.html。 Demo https://twitter.com/Evi1cg/status/1071284773169950721

Adobe Flash CVE-2018-15982 This script creates a swf payload for CVE-2018-15982, which is based off of the PoC from https://github.com/smgorelik/Windows-RCE-exploits. The vulnerability was discovered by Chenming Xu and Ed Miles of Gigamon ATR. The vulnerability is a use-after-free flaw enabling arbitrary code-execution in Flash. More information can be found in the links belo

CVE-2018-15982_EXP Usage msfvenom -p windows/exec cmd=notepad.exe -f raw > 86.bin msfvenom -p windows/x64/exec cmd=notepad.exe -f raw > 64.bin python CVE_2018_15982.py -i 86.bin -I 64.bin output exp.swf and index.html。 Demo https://twitter.com/Evi1cg/status/1071284773169950721

Credits @Ridter https://github.com/Ridter/CVE-2018-15982_EXP @prsecurity https://github.com/prsecurity/CVE-2018-15982 Description Aggressor Script to launch an Internet Explorer driveby attack using CVE-2018-15982 exploit for Flash player. Usage: Click Host > Host CVE-2018-15982 Payload > Host Send link to victim or embed as part of other pages or a redirect Vi

CVE-2018-15982 Flash sources for CVE-2018-15982 used by NK this is a dump of a fully weaponized activex obj used by NK https://threatpost.com/adobe-patches-zero-day-vulnerability-in-flash-player/139629/ Payloads are in Class 6 and 7

Exploit CVE-2018-15982

Recent Articles

Adobe December 2018 Security Update Fixes Reader, Acrobat
Threatpost • Tara Seals • 11 Dec 2018

Adobe has patched 88 vulnerabilities for Acrobat and Reader in its December Patch Tuesday update, including a slew of critical flaws that would allow arbitrary code-execution.
The scheduled update comes less than a week after Adobe released several out-of-band fixes for Flash Player, including a critical vulnerability (CVE-2018-15982) that it said is being exploited in the wild. That’s a use-after-free flaw enabling arbitrary code-execution in Flash.
The addressed critical vulnerab...

Adobe Flash Zero-Day Leveraged Via Office Docs in Campaign
Threatpost • Lindsey O'Donnell • 05 Dec 2018

An Adobe Flash Player zero-day exploit has been spotted in the wild as part of a widespread campaign, researchers said on Wednesday.
Adobe has just issued a patch for the previously unknown critical flaw.
The vulnerability, CVE-2018-15982, is a use-after-free flaw enabling arbitrary code execution in Flash. Researchers with Gigamon Applied Threat Research said the zero-day in Flash was being exploited via a Microsoft Office document dubbed “22.docx.”
Researchers said the d...

Adobe Patches Zero-Day Vulnerability in Flash Player
Threatpost • Lindsey O'Donnell • 05 Dec 2018

Adobe on Wednesday released several unscheduled fixes for Flash Player, including a critical vulnerability that it said is being exploited in the wild.
The critical vulnerability, CVE-2018-15982, is a use-after-free flaw enabling arbitrary code-execution in Flash.
“Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS,” Adobe said in its release. “These updates address one critical vulnerability in Adobe Flash Player and one importan...