CVE-2018-15982
HIGH CISA KEV EPSS 99.6%
Published Jan 18, 20197y ago · Modified Jun 17, 20262w ago
7.8 CVSS 3.1
Published Jan 18, 2019 7y ago
Last Modified Jun 17, 2026 2w ago
KEV Listed Feb 15, 2022 4y ago
KEV Due Aug 15, 2022 1419d overdue
Description
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
CISA Known Exploited Overdue 1419d
- Added
- Feb 15, 2022
- Due
- Aug 15, 2022
The impacted product is end-of-life and should be disconnected if still in use.
EPSS Exploit Probability
99.6% percentile
Exploit & Patch Status
Actively Exploited (KEV)
Patch Available
Weaknesses 1
CWE-416 Use After Free Memory Safety
Affected Products 18
| Vendor | Product | Version | Range |
|---|---|---|---|
| adobe | flash_player | * | ≤31.0.0.153 |
| apple | mac_os_x | * | any |
| linux | linux_kernel | * | any |
| microsoft | windows | * | any |
| adobe | flash_player | * | ≤31.0.0.153 |
| apple | mac_os_x | * | any |
| chrome_os | * | any | |
| linux | linux_kernel | * | any |
| microsoft | windows | * | any |
| adobe | flash_player | * | ≤31.0.0.153 |
| adobe | flash_player | * | ≤31.0.0.153 |
| microsoft | windows_10 | * | any |
| microsoft | windows_8.1 | * | any |
| redhat | enterprise_linux_desktop | 6.0 | any |
| redhat | enterprise_linux_server | 6.0 | any |
| redhat | enterprise_linux_workstation | 6.0 | any |
| adobe | flash_player_installer | * | ≤31.0.0.108 |
| microsoft | windows | * | any |
References 6
- securityfocus.com http://www.securityfocus.com/bid/106116
- access.redhat.com https://access.redhat.com/errata/RHSA-2018:3795
- github.com https://github.com/cisagov/vulnrichment/issues/195
- helpx.adobe.com https://helpx.adobe.com/security/products/flash-player/apsb18-42.html
- cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-15982
- exploit-db.com https://www.exploit-db.com/exploits/46051/
Remediation
- helpx.adobe.com https://helpx.adobe.com/security/products/flash-player/apsb18-42.html