CVE-2018-4920

Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
References
Link Resource
http://www.securityfocus.com/bid/103383 Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040509 Broken Link Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:0520 Third Party Advisory
https://helpx.adobe.com/security/products/flash-player/apsb18-05.html Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*
OR cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*
OR cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

History

18 Nov 2022, 16:25

Type Values Removed Values Added
References (BID) http://www.securityfocus.com/bid/103383 - Third Party Advisory, VDB Entry (BID) http://www.securityfocus.com/bid/103383 - Broken Link, Third Party Advisory, VDB Entry
References (SECTRACK) http://www.securitytracker.com/id/1040509 - Third Party Advisory, VDB Entry (SECTRACK) http://www.securitytracker.com/id/1040509 - Broken Link, Third Party Advisory, VDB Entry
References (MISC) https://helpx.adobe.com/security/products/flash-player/apsb18-05.html - Vendor Advisory (MISC) https://helpx.adobe.com/security/products/flash-player/apsb18-05.html - Patch, Vendor Advisory
CVSS v2 : 10.0
v3 : 9.8
v2 : 9.3
v3 : 8.8
CPE cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_11:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*
cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
CWE CWE-704 CWE-843

Information

Published : 2018-05-19 17:29

Updated : 2024-02-04 19:46


NVD link : CVE-2018-4920

Mitre link : CVE-2018-4920

CVE.ORG link : CVE-2018-4920


JSON object : View

Products Affected

microsoft

  • windows
  • windows_8.1
  • windows_10

google

  • chrome_os

adobe

  • flash_player_desktop_runtime
  • flash_player

linux

  • linux_kernel

apple

  • mac_os_x
CWE
CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')