Adobe Zero day Exploit arbitrary code execution

Reference: CERT.be Advisory #2018-019
Version: 1.0
Reference: CVE-2018-5002
CVSS: Unknown at this time but ranked as critical
Affected software: Adobe Flash Player Desktop Runtime, Adobe Flash Player for Google Chrome, Adobe Flash Player for Microsoft Edge and Internet Explorer 11
Type: Arbitrary code execution in the context of the current user.

Sources

https://helpx.adobe.com/security/products/flash-player/apsb18-19.html

Risks

Its exploitation could allow an attacker to execute malicious code in the context of the current user. This vulnerability is known to be already exploited.

Description

The team “Qihoo 360” found this vulnerability. An attacker could create a special Office document that, once opened, would load the flash Active-X plug-in that contains the vulnerability. It can be used to download and execute malicious code from remote servers for example.
A proof of concept is available on Qihoo 360 blog (see references).
The affected products are the following :
• Adobe Flash Player Desktop Runtime, 29.0.0.171 and earlier versions on Windows, macOS and Linux
• Adobe Flash Player for Google Chrome, 29.0.0.171 and earlier versions on Windows, macOS, Linux and Chrome OS
• Adobe Flash Player for Microsoft Edge and Internet Explorer 11, 29.0.0.171 and earlier versions on Windows 10 and 8.1

Recommended actions

CERT.be recommends users to always keep their systems up to date. Please be advised that Flash is part of Windows 10 and that it cannot be removed.
https://helpx.adobe.com/security/products/flash-player/apsb18-19.html
The Flash plugin can be deactivated by following one or more of these steps :
https://www.laptopmag.com/articles/disable-flash-windows-10-edge-browser
https://support.google.com/chrome/answer/6258784
https://help.my-private-network.co.uk/support/solutions/articles/6000152...

You can also test if it’s activated using the following link :
https://helpx.adobe.com/flash-player.html

References

http://blogs.360.cn/blog/cve-2018-5002-en/