CVE-2018-4935

HIGH

Adobe Flash Player < 29.0.0.113 - Out-of-bounds Write

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-4935. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit is a fuzzed SWF file that triggers heap or stack corruption in Adobe Flash Player, leading to potential remote code execution. The PoC is noted to be unreliable but works best in standalone Flash Player and Microsoft Edge.

Description

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdosmultiple

https://www.exploit-db.com/exploits/44527

View Code ZIP pw:eip

This exploit is a fuzzed SWF file that triggers heap or stack corruption in Adobe Flash Player, leading to potential remote code execution. The PoC is noted to be unreliable but works best in standalone Flash Player and Microsoft Edge.

Classification

Working Poc 80%

Attack Type

Rce

Complexity

Moderate

Reliability

Racy

Target: Adobe Flash Player (versions affected by CVE-2018-4935)

No auth needed

Prerequisites: Victim must open the malicious SWF file in a vulnerable Flash Player environment

MITRE ATT&CK