Vulnerability CVE-2018-4944


Published: 2018-05-19

Description:
Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Type:

CWE-704

(Incorrect Type Conversion or Cast)

Vendor: Redhat
Product: Enterprise linux server 
Version: 6.0;
Product: Enterprise linux desktop 
Version: 6.0;
Product: Enterprise linux workstation 
Version: 6.0;
Vendor: Adobe
Product: Flash player 
Version: 29.0.0.140;

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://www.securityfocus.com/bid/104101
http://www.securitytracker.com/id/1040840
https://access.redhat.com/errata/RHSA-2018:1367
https://helpx.adobe.com/security/products/flash-player/apsb18-16.html
https://security.gentoo.org/glsa/201806-02

Related CVE
CVE-2019-7956
Adobe Dreamweaver direct download installer versions 19.0 and below, 18.0 and below have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user.
CVE-2019-7955
Adobe Experience Manager version 6.4 and ealier have a Reflected Cross-site Scripting vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.
CVE-2019-7953
Adobe Experience Manager version 6.4 and ealier have a Cross-Site Request Forgery vulnerability. Successful exploitation could lead to Sensitive Information disclosure in the context of the current user.
CVE-2019-7941
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Information Exposure Through an Error Message vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
CVE-2019-7850
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have a Command injection vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
CVE-2019-7848
Adobe Campaign Classic version 18.10.5-8984 and earlier versions have an Inadequate access control vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
CVE-2019-7845
Adobe Flash Player versions 32.0.0.192 and earlier, 32.0.0.192 and earlier, and 32.0.0.192 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-7840
ColdFusion versions Update 3 and earlier, Update 10 and earlier, and Update 18 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.

Copyright 2019, cxsecurity.com

 

Back to Top