Vulnerability Name: CVE-2018-4871 (CCN-137160)
Assigned: 2018-01-09
Published: 2018-01-09
Updated: 2021-09-08
Summary: An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
CVSS v3 Severity:
  7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
  6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
  5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)
CVSS v2 Severity:
  5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Vulnerability Type: CWE-125
Vulnerability Consequences: Obtain Information
References:
  Source: MITRE Type: CNA CVE-2018-4871
  Source: BID Type: Third Party Advisory, VDB Entry 102465
  Source: CCN Type: BID-102465 Adobe Flash Player Out-Of-Bounds Read Information Disclosure Vulnerability
  Source: SECTRACK Type: Third Party Advisory, VDB Entry 1040155
  Source: REDHAT Type: Third Party Advisory, VDB Entry RHSA-2018:0081
  Source: XF Type: UNKNOWN adobe-flash-cve20184871-info-disc(137160)
  Source: CCN Type: Adobe Security Bulletin APSB18-01 Security updates available for Adobe Flash Player
  Source: CONFIRM Type: Vendor Advisory https://helpx.adobe.com/security/products/flash-player/apsb18-01.html
  Source: CCN Type: ZDI-18-124 Adobe Flash ATF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
Vulnerable Configuration: Configuration 1: Configuration 2: Configuration 3: Configuration 4: Denotes that component is vulnerable