Type Confusion Vulnerability in Adobe Flash Player
CVE-2018-4945

8.8HIGH

Key Information:

Vendor
Adobe
Status
Adobe Flash Player 29.0.0.171 And Earlier Versions
Vendor
CVE Published:
9 July 2018

Summary

Adobe Flash Player is susceptible to a Type Confusion vulnerability present in versions 29.0.0.171 and earlier. This issue arises when the application incorrectly handles objects, which allows for arbitrary code execution within the user context. If exploited, this vulnerability could enable attackers to execute malicious code on an affected system, posing a significant risk to user security. Users are encouraged to update to the latest version of Adobe Flash Player to mitigate potential threats.

Affected Version(s)

Adobe Flash Player 29.0.0.171 and earlier Adobe Flash Player 29.0.0.171 and earlier versions

References

https://access.redhat.com/errata/RHSA-2018:1827
vendor-advisoryx_refsource_REDHAT
http://www.securitytracker.com/id/1041058
vdb-entryx_refsource_SECTRACK
https://helpx.adobe.com/security/products/flash-player/ap...
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.