Lucene search

AdobeCVE-2018-4944

HistoryMay 19, 2018 - 5:29 p.m.

CVE-2018-4944

2018-05-1917:29:01

CWE-704

adobe

web.nvd.nist.gov

cve-2018-4944

adobe flash player

type confusion

vulnerability

arbitrary code execution

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.302

Percentile

97.0%

JSON

Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Affected configurations

Nvd

Vulners

Node

adobeflash_playerRange≤29.0.0.140

AND

applemacosMatch-

linuxlinux_kernelMatch-

microsoftwindowsMatch-

Node

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_workstationMatch6.0

Node

adobeflash_playerRange≤29.0.0.140edge

adobeflash_playerRange≤29.0.0.140internet_explorer_11

AND

microsoftwindows_10

microsoftwindows_8.1

Node

adobeflash_playerRange≤29.0.0.140chrome

AND

applemacosMatch-

googlechrome_osMatch-

linuxlinux_kernelMatch-

microsoftwindowsMatch-

VendorProductVersionCPE
adobeflash_playercpe:/a:adobe:flash_player::::

Vendor	Product	Version	CPE
adobe	flash_player		cpe:/a:adobe:flash_player::::

CNA Affected

[
  {
    "product": "Adobe Flash Player 29.0.0.140 and earlier versions",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Adobe Flash Player 29.0.0.140 and earlier versions"
      }
    ]
  }
]