CVE-2018-15982

high-risk

Published 2019-01-18

Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

Do I need to act?

93.6% chance of exploitation in next 30 days

EPSS score — higher than 6% of all CVEs

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

1 public exploit available

46051

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (8)

Flash Player

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Workstation

Flash Player Installer

Affected Vendors

Redhat Adobe

References (10)

Broken Link http://www.securityfocus.com/bid/106116

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3795

Patch https://helpx.adobe.com/security/products/flash-player/apsb18-42.html

Exploit https://www.exploit-db.com/exploits/46051/

Broken Link http://www.securityfocus.com/bid/106116

Third Party Advisory https://access.redhat.com/errata/RHSA-2018:3795

Patch https://helpx.adobe.com/security/products/flash-player/apsb18-42.html

Exploit https://www.exploit-db.com/exploits/46051/

Issue Tracking https://github.com/cisagov/vulnrichment/issues/195

Third Party Advisory https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-...

/ 100

high-risk

Severity 24/34 · High

Exploitability 27/34 · High

Exposure 14/34 · Moderate