CVE-2018-4932

CWE-416 — Use After Free6 documents6 sources

Severity

8.8HIGH

EPSS

1.6%

top 18.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flash Player Adobe Flash Player Desktop Runtime

Timeline

PublishedMay 19

Latest updateMay 14

Description

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5adobe_flash_player_29.0.0.113_and_earlier_versionsAdobe Flash Player 29.0.0.113 and earlier versions

▶NVDadobe/flash_player29.0.0.113

▶NVDadobe/flash_player_desktop_runtime29.0.0.113

▶Ubuntuflashplugin-nonfree< 29.0.0.140ubuntu0.14.04.1+2

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-26hq-7m9g-65cf: Adobe Flash Player versions 29↗2022-05-14

▶

CVEList

CVE-2018-4932: Adobe Flash Player versions 29↗2018-05-19

▶

OSV

CVE-2018-4932: Adobe Flash Player versions 29↗2018-05-19

▶

📋Vendor Advisories

Red Hat

flash-plugin: Remote Code Execution vulnerabilities (APSB18-08)↗2018-04-10

▶

💬Community

Bugzilla

CVE-2018-4935 CVE-2018-4937 CVE-2018-4932 flash-plugin: Remote Code Execution vulnerabilities (APSB18-08)↗2018-04-10

▶