Vulnerability CVE-2018-4877


Published: 2018-02-06

Description:
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution.

Type:

CWE-416

(Use After Free)

Vendor: Adobe
Product: Flash player 
Version:
9.125.0
9.0.9.0
9.0.8.0
9.0.48.0
9.0.47.0
9.0.45.0
9.0.31.0
9.0.31
9.0.283.0
9.0.280
9.0.28.0
9.0.28
9.0.277.0
9.0.262.0
9.0.260.0
9.0.246.0
9.0.20.0
9.0.20
9.0.18d60
9.0.16
9.0.159.0
9.0.155.0
9.0.152.0
9.0.151.0
9.0.125.0
9.0.124.0
9.0.115.0
9.0.114.0
9.0.112.0
9.0
8.0.42.0
8.0.39.0
8.0.35.0
8.0.34.0
8.0.33.0
8.0.24.0
8.0.22.0
8.0
7.2
7.1.1
7.1
7.0.73.0
7.0.70.0
7.0.69.0
7.0.68.0
7.0.67.0
7.0.66.0
7.0.63
7.0.61.0
7.0.60.0
7.0.53.0
7.0.25
7.0.24.0
7.0.19.0
7.0.14.0
7.0.1
7.0
6.0.79
6.0.21.0
6
5
4
3
26.0.0.137
24.0.0.221
24.0.0.194
24.0.0.186
23.0.0.207
23.0.0.185
22.0.0.211
22.0.0.192
21.0.0.97
21.0.0.242
21.0.0.226
21.0.0.213
20.0.0.306
20.0.0.286
20.0.0.235
20.0.0.228
2
19.0.0.245
19.0.0.226
19.0.0.207
19.0.0.185
18.0.0.366
18.0.0.360
18.0.0.352
18.0.0.343
18.0.0.333
18.0.0.326
18.0.0.324
18.0.0.268
18.0.0.261
18.0.0.209
See more versions on NVD
Vendor: Redhat
Product: Enterprise linux server 
Version: 6.0;
Product: Enterprise linux desktop 
Version: 6.0;
Product: Enterprise linux workstation 
Version: 6.0;

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.securityfocus.com/bid/102930
https://access.redhat.com/errata/RHSA-2018:0285
https://helpx.adobe.com/security/products/flash-player/apsb18-03.html

Related CVE
CVE-2016-10746
libvirt-domain.c in libvirt before 1.3.1 supports virDomainGetTime API calls by guest agents with an RO connection, even though an RW connection was supposed to be required, a different vulnerability than CVE-2019-3886.
CVE-2019-3891
It was discovered that a world-readable log file belonging to Candlepin component of Red Hat Satellite 6.4 leaked the credentials of the Candlepin database. A malicious user with local access to a Satellite host can use those credentials to modify th...
CVE-2019-3459
A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.
CVE-2019-3845
A lack of access control was found in the message queues maintained by Satellite's QPID broker and used by katello-agent in versions before Satellite 6.2, Satellite 6.1 optional and Satellite Capsule 6.1. A malicious user authenticated to a host regi...
CVE-2019-3837
It was found that the net_dma code in tcp_recvmsg() in the 2.6.32 kernel as shipped in RHEL6 is thread-unsafe. So an unprivileged multi-threaded userspace application calling recvmsg() for the same network socket in parallel executed on ioatdma-enabl...
CVE-2019-3842
In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable. It is possible for an attacker, in some particular configurations, to set a XDG_SEAT environment variable wh...
CVE-2017-3139
A denial of service flaw was found in the way BIND handled DNSSEC validation. A remote attacker could use this flaw to make named exit unexpectedly with an assertion failure via a specially crafted DNS response.
CVE-2019-3893
In Foreman it was discovered that the delete compute resource operation, when executed from the Foreman API, leads to the disclosure of the plaintext password or token for the affected compute resource. A malicious user with the "delete_compute_resou...

Copyright 2019, cxsecurity.com

 

Back to Top