CVE-2018-15982

HIGH CISA KEV EPSS 99.6%
Published Jan 18, 2019 7y ago · Modified Jun 17, 2026 2w ago
7.8 CVSS 3.1
High
Published Jan 18, 2019 7y ago
Last Modified Jun 17, 2026 2w ago
KEV Listed Feb 15, 2022 4y ago
KEV Due Aug 15, 2022 1419d overdue

Description

Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

CVSS Details

Base Score: 7.8
Exploitability: 1.8
Impact: 5.9
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

CISA Known Exploited: Overdue 1419d
Added: Feb 15, 2022
Due: Aug 15, 2022

The impacted product is end-of-life and should be disconnected if still in use.

EPSS Exploit Probability: 99.6% percentile
Exploit & Patch Status: Actively Exploited (KEV), Patch Available

Weaknesses 1

CWE-416 Use After Free Memory Safety

Affected Products 18

Vendor     Product                        Version  Range
adobe      flash_player                   *        ≤31.0.0.153
apple      mac_os_x                       *        any
linux      linux_kernel                   *        any
microsoft  windows                        *        any
adobe      flash_player                   *        ≤31.0.0.153
apple      mac_os_x                       *        any
google     chrome_os                      *        any
linux      linux_kernel                   *        any
microsoft  windows                        *        any
adobe      flash_player                   *        ≤31.0.0.153
adobe      flash_player                   *        ≤31.0.0.153
microsoft  windows_10                     *        any
microsoft  windows_8.1                    *        any
redhat     enterprise_linux_desktop       6.0      any
redhat     enterprise_linux_server        6.0      any
redhat     enterprise_linux_workstation   6.0      any
adobe      flash_player_installer         *        ≤31.0.0.108
microsoft  windows                        *        any

References 6

  • securityfocus.com http://www.securityfocus.com/bid/106116
    Broken Link, Third Party Advisory, VDB Entry
  • access.redhat.com https://access.redhat.com/errata/RHSA-2018:3795
    Third Party Advisory
  • github.com https://github.com/cisagov/vulnrichment/issues/195
    Issue Tracking
  • helpx.adobe.com https://helpx.adobe.com/security/products/flash-player/apsb18-42.html
    Patch, Vendor Advisory
  • cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-15982
    Third Party Advisory, US Government Resource
  • exploit-db.com https://www.exploit-db.com/exploits/46051/
    Exploit, Third Party Advisory, VDB Entry

Remediation

  • helpx.adobe.com https://helpx.adobe.com/security/products/flash-player/apsb18-42.html
    Patch, Vendor Advisory