CVE-2018-4944 — Incorrect Type Conversion or Cast in Adobe Flash Player

CWE-704 — Incorrect Type Conversion or Cast CWE-843 — Type Confusion14 documents11 sources

Severity

9.8CRITICALNVD

EPSS

24.0%

top 3.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flash Player Redhat Enterprise Linux Desktop Redhat Enterprise Linux Server +1 more

Timeline

PublishedMay 19

Latest updateAug 21

Description

Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDadobe/flash_player29.0.0.140

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_desktop6.0

▶NVDredhat/enterprise_linux_workstation6.0

🔴Vulnerability Details

GHSA

GHSA-w5rc-5jqm-p8hv: Adobe Flash Player versions 29↗2022-05-13

▶

CVEList

CVE-2018-4944: Adobe Flash Player versions 29↗2018-05-19

▶

OSV

CVE-2018-4944: Adobe Flash Player versions 29↗2018-05-19

▶

📋Vendor Advisories

Red Hat

flash-plugin: Arbitrary Code Execution vulnerability (APSB18-16)↗2018-05-08

▶

🕵️Threat Intelligence

Tenable

Microsoft May Madness↗2018-05-09

▶

Tenable

Microsoft May Madness↗2018-05-09

▶

Qualys

May 2018 Patch Tuesday – Medium Weight, However One Active Exploit Needs Attention↗2018-05-08

▶

Talos

Microsoft Patch Tuesday - May 2018↗2018-05-08

▶

Talos

Microsoft Patch Tuesday - May 2018↗2018-05-08

▶

📄Research Papers

arXiv

A Practical Guideline and Taxonomy to LLVM's Control Flow Integrity↗2025-08-21

▶

💬Community

Bugzilla

CVE-2018-4944 flash-plugin: Arbitrary Code Execution vulnerability (APSB18-16)↗2018-05-08

▶