CVE-2018-4944

CRITICAL

Adobe Flash Player <29.0.0.140 - RCE

Title source: llm

Description

Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

References (5)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/104101

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1040840

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2018:1367

[Third Party Advisory] https://security.gentoo.org/glsa/201806-02

[Vendor Advisory] https://helpx.adobe.com/security/products/flash-player/apsb18-16.html

Scores

CVSS v3 9.8

EPSS 0.2400

EPSS Percentile 96.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-704

Status published

Products (4)

adobe/flash_player < 29.0.0.140 (4 CPE variants)

redhat/enterprise_linux_desktop 6.0

redhat/enterprise_linux_server 6.0

redhat/enterprise_linux_workstation 6.0

Published May 19, 2018

Tracked Since Feb 18, 2026