Vulnerability Description
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to the media player's quality of service functionality. A successful attack can lead to arbitrary code execution.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Flash Player | < 28.0.0.161 |
| Apple | macOS | - |
| Linux | Linux Kernel | - |
| Microsoft | Windows | - |
| Red Hat | Enterprise Linux Desktop | 6.0 |
| Red Hat | Enterprise Linux Server | 6.0 |
| Red Hat | Enterprise Linux Workstation | 6.0 |
| Microsoft | Windows 10 | All versions |
| Microsoft | Windows 8.1 | All versions |
| Google | Chrome OS | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/102930 (Third Party Advisory, VDB Entry)
- https://access.redhat.com/errata/RHSA-2018:0285 (Third Party Advisory)
- https://helpx.adobe.com/security/products/flash-player/apsb18-03.html (Vendor Advisory)
FAQ
What is CVE-2018-4877?
CVE-2018-4877 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of ser...
How severe is CVE-2018-4877?
CVE-2018-4877 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-4877?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player, Apple macOS, Linux Kernel, Microsoft Windows, Red Hat Enterprise Linux Desktop.