CVE-2018-4920

CWE-843 CWE-7046 documents6 sources

Severity

8.8HIGH

EPSS

7.2%

top 8.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flash Player Adobe Flash Player Desktop Runtime

Timeline

PublishedMay 19

Latest updateMay 14

Description

Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5adobe_flash_player_28.0.0.161_and_earlier_versionsAdobe Flash Player 28.0.0.161 and earlier versions

▶NVDadobe/flash_player28.0.0.161

▶NVDadobe/flash_player_desktop_runtime28.0.0.161

▶Ubuntuflashplugin-nonfree< 29.0.0.140ubuntu0.14.04.1+1

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-j5xf-xfvf-pjw6: Adobe Flash Player versions 28↗2022-05-14

▶

CVEList

CVE-2018-4920: Adobe Flash Player versions 28↗2018-05-19

▶

OSV

CVE-2018-4920: Adobe Flash Player versions 28↗2018-05-19

▶

📋Vendor Advisories

Red Hat

flash-plugin: Type Confusion - remote code execution vulnerability (APSB18-05)↗2018-03-13

▶

💬Community

Bugzilla

CVE-2018-4920 flash-plugin: Type Confusion - remote code execution vulnerability (APSB18-05)↗2018-03-13

▶