Identified as CVE-2018-15982, this vulnerability affects Adobe Flash Player version 220.127.116.11 as well as older products such as Flash Player Desktop Runtime, Flash Player for Google Chrome, Microsoft Edge and Internet Explorer 11. Adobe Flash Player Installer versions 18.104.22.168 and earlier have also been named. It is a use-after-free flaw that is being exploited in the wild; if exploited successfully, it allows arbitrary code execution and lets the attacker gain full control of the system.

Researchers discovered the exploit last week in Microsoft Office documents that posed as employment applications for Russian healthcare clinics and contained a planted Flash ActiveX control in the header. When the user opened the document, Flash Player was exploited. However, neither the Office file nor the Flash exploit contained the system takeover itself. Instead, the final payload is an image file (scan042.jpg) placed inside a WinRAR archive, to be used in attacks such as spear-phishing emails, among other methods.

Updated version 22.214.171.124 has been released to patch all of the affected products.
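A defender-side check for the delivery method described above, as an added example that is not from the original article: it lists the parts of an OOXML Office file that reference the CLSID of the Flash ActiveX control. The function names, the size cap and the in-memory sample document are constructed for illustration, and only zipped OOXML files (.docx, .xlsx, .pptx) are handled, not legacy binary formats.

```python
import io
import zipfile

# Registry CLSID of the Shockwave Flash ActiveX control.
FLASH_CLSID = "D27CDB6E-AE6D-11CF-96B8-444553540000"
MAX_PART_BYTES = 32 * 1024 * 1024  # assumed cap; larger parts are skipped


def find_flash_activex(doc_bytes):
    """Return the names of OOXML parts that reference the Flash ActiveX CLSID."""
    buf = io.BytesIO(doc_bytes)
    if not zipfile.is_zipfile(buf):
        raise ValueError("not an OOXML (zip) container")
    needles = (FLASH_CLSID.encode("ascii"), FLASH_CLSID.encode("utf-16-le"))
    hits = []
    with zipfile.ZipFile(buf) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_PART_BYTES:
                continue
            # bytes.upper() only changes ASCII letters, so one pass covers
            # mixed-case CLSIDs in both ASCII and UTF-16LE encodings.
            data = zf.read(info).upper()
            if any(n in data for n in needles):
                hits.append(info.filename)
    return sorted(hits)


def build_sample(with_flash):
    """Constructed, minimal .docx-like archive for demonstration only."""
    ocx = ('<ax:ocx xmlns:ax="http://schemas.microsoft.com/office/2006/activeX" '
           'ax:classid="{D27CDB6E-AE6D-11cf-96B8-444553540000}" '
           'ax:persistence="persistStorage"/>')
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/header1.xml", "<w:hdr/>")
        if with_flash:
            zf.writestr("word/activeX/activeX1.xml", ocx)
    return out.getvalue()


if __name__ == "__main__":
    print(find_flash_activex(build_sample(True)))
```

A hit means the document embeds the Flash control, not that it carries this particular exploit, so treat it as a triage signal for mail or file gateways.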