Vulnerability Description
Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Flash Player Desktop Runtime | <= 28.0.0.161 |
| Apple | Mac Os X | - |
| Linux | Linux Kernel | - |
| Microsoft | Windows | - |
| Adobe | Flash Player | <= 28.0.0.161 |
| Chrome Os | - | |
| Microsoft | Windows 10 | - |
| Microsoft | Windows 8.1 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103383Broken LinkThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040509Broken LinkThird Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2018:0520Third Party Advisory
- https://helpx.adobe.com/security/products/flash-player/apsb18-05.htmlPatchVendor Advisory
- http://www.securityfocus.com/bid/103383Broken LinkThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040509Broken LinkThird Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2018:0520Third Party Advisory
- https://helpx.adobe.com/security/products/flash-player/apsb18-05.htmlPatchVendor Advisory
FAQ
What is CVE-2018-4920?
CVE-2018-4920 is a vulnerability with a CVSS score of 8.8 (HIGH). Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
How severe is CVE-2018-4920?
CVE-2018-4920 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-4920?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player Desktop Runtime, Apple Mac Os X, Linux Linux Kernel, Microsoft Windows, Adobe Flash Player.