CVE-2018-15983 — Untrusted Search Path in Adobe Flash Player

CWE-426 — Untrusted Search Path8 documents7 sources

Severity

7.8HIGHNVD

EPSS

0.5%

top 32.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flash Player

Timeline

PublishedJan 18

Latest updateMay 14

Description

Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDadobe/flash_player31.0.0.153

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-c2xf-g8c5-v9p9: Flash Player versions 31↗2022-05-14

▶

CVEList

CVE-2018-15983: Flash Player versions 31↗2019-01-18

▶

OSV

CVE-2018-15983: Flash Player versions 31↗2019-01-18

▶

📋Vendor Advisories

Red Hat

flash-plugin: Privilege Escalation vulnerability (APSB18-42)↗2018-12-05

▶

🕵️Threat Intelligence

Qualys

December 2018 Patch Tuesday – 39 Vulns, Workstation Patches, Adobe Vulns↗2018-12-11

▶

Qualys

December 2018 Patch Tuesday – 39 Vulns, Workstation Patches, Adobe Vulns | Qualys↗2018-12-11

▶

💬Community

Bugzilla

CVE-2018-15983 flash-plugin: Privilege Escalation vulnerability (APSB18-42)↗2018-12-05

▶