CVE-2018-4877

CRITICAL

Adobe Flash Player < 28.0.0.161 - Use-After-Free in Primetime SDK Media Player QoS

Title source: llm
STIX 2.1

Description

A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution.

References (3)

Core 3
Core References
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:0285
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/102930

Scores

CVSS v3 9.8
EPSS 0.0851
EPSS Percentile 94.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (4)
adobe/flash_player < 28.0.0.161 (4 CPE variants)
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_server 6.0
redhat/enterprise_linux_workstation 6.0
Published Feb 06, 2018
Tracked Since Feb 18, 2026