PT-2018-1443 · Adobe+2 · Flash Player+2

Simon Choi · Published 2017-03-15 · Updated 2025-12-10 · CVE-2018-4878

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Adobe Flash Player versions prior to 28.0.0.161

Description

The issue is a use-after-free vulnerability caused by a dangling pointer in the Primetime SDK, related to the media player's handling of listener objects. It can allow a remote attacker to execute arbitrary code using a specially crafted document or web page with malicious Flash content. The vulnerability was exploited in the wild in January and February 2018.

Recommendations

For Adobe Flash Player versions prior to 28.0.0.161, update to version 28.0.0.161 or later to resolve the issue. As a temporary workaround, consider disabling Flash content in web pages until the patch is applied. Restrict access to Flash-based modules to minimize the risk of exploitation. Avoid opening Flash-based documents or web pages from untrusted or unknown sources until the issue is resolved.

Exploit

Fix

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2017-1308
ALT-PU-2017-1495
ALT-PU-2017-1581
ALT-PU-2017-1727
ALT-PU-2017-2075
ALT-PU-2017-2290
ALT-PU-2017-2537
ALT-PU-2017-2836
ALT-PU-2018-1250
ALT-PU-2018-1421
ALT-PU-2018-1663
ALT-PU-2018-2115
ALT-PU-2018-2414
BDU:2018-00993
CVE-2018-4878
MGASA-2018-0120
RHSA-2017_0526
RHSA-2017_0934
RHSA-2017_1219
RHSA-2017_1439
RHSA-2017_2457
RHSA-2017_2702
RHSA-2017_2899
RHSA-2017_3222
RHSA-2018:0285
RHSA-2018_0081
RHSA-2018_0285
RHSA-2018_0484
RHSA-2018_0520
RHSA-2018_1119
RHSA-2018_1827
RHSA-2018_2175
RHSA-2018_2707

Affected Products

Alt Linux
Flash Player
Red Hat