CVE-2018-5002

HIGH CISA KEV EPSS 97.7%
Published Jul 9, 2018 (7y ago) · Modified Jun 17, 2026 (2w ago)
7.8 CVSS 3.1
High
KEV Listed May 23, 2022 4y ago
KEV Due Jun 13, 2022 1482d overdue

Description

Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

CVSS Details

Base Score: 7.8
Exploitability: 1.8
Impact: 5.9
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Threat Intelligence

CISA Known Exploited: Overdue 1482d
Added: May 23, 2022
Due: Jun 13, 2022

The impacted product is end-of-life and should be disconnected if still in use.

EPSS Exploit Probability: 97.7% percentile
Exploit & Patch Status: Actively Exploited (KEV), Patch Available

Weaknesses 2

CWE-121
CWE-787 Out-of-bounds Write Memory Safety

Affected Products 16

Vendor      Product                         Version   Range
adobe       flash_player_desktop_runtime    *         ≤29.0.0.171
apple       mac_os_x                        *         any
linux       linux_kernel                    *         any
microsoft   windows                         *         any
adobe       flash_player                    *         ≤29.0.0.171
apple       mac_os_x                        *         any
google      chrome_os                       *         any
linux       linux_kernel                    *         any
microsoft   windows                         *         any
adobe       flash_player                    *         ≤29.0.0.171
adobe       flash_player                    *         ≤29.0.0.171
microsoft   windows_10                      *         any
microsoft   windows_8.1                     *         any
redhat      enterprise_linux_desktop        6.0       any
redhat      enterprise_linux_server         6.0       any
redhat      enterprise_linux_workstation    6.0       any

References 7

  • securityfocus.com http://www.securityfocus.com/bid/104412
    Broken Link, Third Party Advisory, VDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1041058
    Broken Link, Third Party Advisory, VDB Entry
  • access.redhat.com https://access.redhat.com/errata/RHSA-2018:1827
    Third Party Advisory
  • github.com https://github.com/cisagov/vulnrichment/issues/196
    Issue Tracking
  • helpx.adobe.com https://helpx.adobe.com/security/products/flash-player/apsb18-19.html
    Patch, Vendor Advisory
  • security.gentoo.org https://security.gentoo.org/glsa/201806-02
    Third Party Advisory
  • cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-5002
    Third Party Advisory, US Government Resource

Remediation

  • helpx.adobe.com https://helpx.adobe.com/security/products/flash-player/apsb18-19.html
    Patch, Vendor Advisory