Description
Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
References (4)
Core 4
Core References
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:0520
Patch, Vendor Advisory x_refsource_misc
https://helpx.adobe.com/security/products/flash-player/apsb18-05.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103385
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040509
Scores
CVSS v3
8.8
EPSS
0.0766
EPSS Percentile
93.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (2)
adobe/flash_player
< 28.0.0.161 (3 CPE variants)
adobe/flash_player_desktop_runtime
< 28.0.0.161
Published
May 19, 2018
Tracked Since
Feb 18, 2026