Use-After-Free Vulnerability in Adobe Flash Player
CVE-2018-4932

8.8HIGH

Key Information:

Vendor
Adobe
Status
Adobe Flash Player 29.0.0.113 And Earlier Versions
Vendor
CVE Published:
19 May 2018

Summary

Adobe Flash Player versions prior to 29.0.0.114 contain a Use-After-Free vulnerability that can be exploited to execute arbitrary code in the context of the user. This flaw arises when the application fails to properly manage memory, potentially allowing an attacker to manipulate the execution flow of the application. Users are urged to update to the latest version to mitigate risks associated with this vulnerability.

Affected Version(s)

Adobe Flash Player 29.0.0.113 and earlier Adobe Flash Player 29.0.0.113 and earlier versions

References

http://www.securityfocus.com/bid/103708
vdb-entryx_refsource_BID
https://access.redhat.com/errata/RHSA-2018:1119
vendor-advisoryx_refsource_REDHAT
http://www.securitytracker.com/id/1040648
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.