Sid 1-48566

Message

FILE-FLASH Adobe Flash Player TVSDK metadata use after free attempt

Summary

This event is generated when an attacker attempts to exploit a vulnerability in Adobe Flash.

Impact

Attempted User Privilege Gain

CVE-2018-15982:

CVSS base score 9.8

CVSS impact score 5.9

CVSS exploitability score 3.9

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Detailed information

CVE-2018-15982: Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

Affected systems

• adobe flash_player 31.0.0.153
• adobe flashplayerinstaller 31.0.0.108
• redhat enterpriselinuxdesktop 6.0
• redhat enterpriselinuxserver 6.0
• redhat enterpriselinuxworkstation 6.0

Ease of attack

CVE-2018-15982:

Access Vector

Access Complexity

Authentication

False positives

False negatives

Corrective action

Contributors

• Cisco's Talos Intelligence Group

Additional References

• helpx.adobe.com/security/products/flash-player/APSB18-42.html