CVE-2018-4920
HIGHAdobe Flash Player < 28.0.0.161 - Remote Code Execution via Type Confusion
Title source: llmDescription
Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
References (4)
Core 4
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103383
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:0520
Patch, Vendor Advisory x_refsource_misc
https://helpx.adobe.com/security/products/flash-player/apsb18-05.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040509
Scores
CVSS v3
8.8
EPSS
0.0787
EPSS Percentile
94.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-843
Status
published
Products (2)
adobe/flash_player
< 28.0.0.161 (3 CPE variants)
adobe/flash_player_desktop_runtime
< 28.0.0.161
Published
May 19, 2018
Tracked Since
Feb 18, 2026