header-logo
Suggest Exploit
vendor:
Flash Player
by:
Exploit Database
9,8
CVSS
CRITICAL
Use-after-free
416
CWE
Product Name: Flash Player
Affected Version From: 28.0.0.137
Affected Version To: 28.0.0.137
Patch Exists: YES
Related CWE: CVE-2018-4878
CPE: o:adobe:flash_player:28.0.0.137
Metasploit: https://www.rapid7.com/db/vulnerabilities/msft-cve-2018-4878/https://www.rapid7.com/db/vulnerabilities/msft-cve-2018-4877/https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2018-4878/https://www.rapid7.com/db/vulnerabilities/flash_player-cve-2018-4878/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2018-4878/https://www.rapid7.com/db/vulnerabilities/redhat_linux-cve-2018-4878/https://www.rapid7.com/db/vulnerabilities/freebsd-cve-2018-4878/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2018

CVE-2018-4878

CVE-2018-4878 is a use-after-free vulnerability in Adobe Flash Player 28.0.0.137 and earlier versions. The vulnerability is caused by a dangling pointer in the Primetime SDK related to video object lifetime management. An attacker can exploit this vulnerability to execute arbitrary code in the context of the current user.

Mitigation:

Adobe has released a security update to address this vulnerability.
Source

Exploit-DB raw data:

## CVE-2018-4878 

Pop up a calculator - Requires Flash ActiveX 28.0.0.137

Download: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/44745.swf

Navigation

Suggest Exploit

Services By CQR