PT-2018-1083 · Adobe+2 · Flash Player+2

Publicado

2018-02-06

Atualizado

2021-09-08

CVE-2018-4877

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions prior to 28.0.0.161

Description A use-after-free vulnerability was discovered in the Primetime SDK related to the media player's quality of service functionality. This issue occurs due to a dangling pointer, allowing a successful attack to lead to arbitrary code execution. The vulnerability can be exploited by a remote attacker to execute code remotely.

Recommendations For versions prior to 28.0.0.161, update to version 28.0.0.161 or later to resolve the issue. As a temporary workaround, consider disabling the quality of service functionality in the Primetime SDK until a patch is available. Restrict access to the media player's quality of service functionality to minimize the risk of exploitation.

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

ALT-PU-2018-1250

ALT-PU-2018-2414

BDU:2018-00449

CVE-2018-4877

MGASA-2018-0120

RHSA-2018:0285

RHSA-2018_0285

ZDI-18-178

Produtos afetados

Alt Linux

Flash Player

Red Hat

PT-2018-1083 · Adobe+2 · Flash Player+2

CVE-2018-4877

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13