PT-2018-13323 · Adobe+1 · Flash Player+1

Published

2018-12-05

Updated

2019-01-28

CVE-2018-15983

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions 31.0.0.153 and earlier Adobe Flash Player versions 31.0.0.108 and earlier

Description A vulnerability in Adobe Flash Player allows attackers to escalate privileges. The issue is related to insecure library loading, also known as dll hijacking. Successful exploitation could lead to privilege escalation.

Recommendations For Adobe Flash Player versions 31.0.0.153 and earlier, update to a version later than 31.0.0.153 to resolve the issue. For Adobe Flash Player versions 31.0.0.108 and earlier, update to a version later than 31.0.0.108 to resolve the issue. As a temporary workaround, consider restricting the loading of external libraries to minimize the risk of exploitation.

Fix

Untrusted Search Path

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-426

Related Identifiers

ALT-PU-2019-1042

CVE-2018-15983

MGASA-2018-0478

Affected Products

Alt Linux

Flash Player

PT-2018-13323 · Adobe+1 · Flash Player+1

CVE-2018-15983

Weakness Enumeration

Related Identifiers

Affected Products

References · 10