CVE-2018-4919

HIGH

Adobe Flash Player < 28.0.0.161 - Use-After-Free

Title source: llm
STIX 2.1

Description

Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

References (4)

Core 4
Core References
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:0520
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/103385
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1040509

Scores

CVSS v3 8.8
EPSS 0.0766
EPSS Percentile 93.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (2)
adobe/flash_player < 28.0.0.161 (3 CPE variants)
adobe/flash_player_desktop_runtime < 28.0.0.161
Published May 19, 2018
Tracked Since Feb 18, 2026