CVE-2018-4920

Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
References
Link Resource
https://helpx.adobe.com/security/products/flash-player/apsb18-05.html Patch Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:0520 Third Party Advisory
http://www.securitytracker.com/id/1040509 Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/103383 Broken Link Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*
OR cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*
OR cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*
OR cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

Information

Published : 2018-05-19 10:29

Updated : 2022-11-18 08:25


NVD link : CVE-2018-4920

Mitre link : CVE-2018-4920


JSON object : View

CWE
CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

Advertisement

dedicated server usa

Products Affected

adobe

  • flash_player_desktop_runtime
  • flash_player

microsoft

  • windows
  • windows_8.1
  • windows_10

google

  • chrome_os

linux

  • linux_kernel

apple

  • mac_os_x