cvelistv5 - cve-2018-4877

CVE-2018-4877 (GCVE-0-2018-4877)

Vulnerability from cvelistv5 – Published: 2018-02-06 20:00 – Updated: 2024-08-05 05:18

Summary

A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player's quality of service functionality. A successful attack can lead to arbitrary code execution.

Severity ?

No CVSS data available.

CWE

use-after-free

Assigner

adobe

References

URL

Tags

	https://helpx.adobe.com/security/products/flash-p…	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2018:0285	vendor-advisoryx_refsource_REDHAT
	http://www.securityfocus.com/bid/102930	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	Adobe Flash Player before 28.0.0.161	Affected: Adobe Flash Player before 28.0.0.161

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:18:26.666Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html"
          },
          {
            "name": "RHSA-2018:0285",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0285"
          },
          {
            "name": "102930",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102930"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Adobe Flash Player before 28.0.0.161",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Adobe Flash Player before 28.0.0.161"
            }
          ]
        }
      ],
      "datePublic": "2018-02-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player\u0027s quality of service functionality. A successful attack can lead to arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "use-after-free",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-27T04:57:01",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html"
        },
        {
          "name": "RHSA-2018:0285",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0285"
        },
        {
          "name": "102930",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102930"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2018-4877",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Adobe Flash Player before 28.0.0.161",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Adobe Flash Player before 28.0.0.161"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player\u0027s quality of service functionality. A successful attack can lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "use-after-free"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html",
              "refsource": "MISC",
              "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html"
            },
            {
              "name": "RHSA-2018:0285",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0285"
            },
            {
              "name": "102930",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102930"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2018-4877",
    "datePublished": "2018-02-06T20:00:00",
    "dateReserved": "2018-01-03T00:00:00",
    "dateUpdated": "2024-08-05T05:18:26.666Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"28.0.0.161\", \"matchCriteriaId\": \"BB5FEF26-84B9-4C1D-99AC-9E2E52A92390\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"387021A0-AF36-463C-A605-32EA7DAC172E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BBCD86A-E6C7-4444-9D74-F861084090F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*\", \"versionEndExcluding\": \"28.0.0.161\", \"matchCriteriaId\": \"EAAD5B21-204E-4215-8892-CF0A78015FF9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_11:*:*\", \"versionEndExcluding\": \"28.0.0.161\", \"matchCriteriaId\": \"C28AD3D1-3392-419D-8C5C-182EC92A5DCA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FBC814B4-7DEC-4EFC-ABFF-08FFD9FD16AA\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*\", \"versionEndExcluding\": \"28.0.0.161\", \"matchCriteriaId\": \"B5D4890F-79A6-4187-9556-7127678E0E19\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"387021A0-AF36-463C-A605-32EA7DAC172E\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player\u0027s quality of service functionality. A successful attack can lead to arbitrary code execution.\"}, {\"lang\": \"es\", \"value\": \"Se ha descubierto una vulnerabilidad de uso de memoria previamente liberada en Adobe Flash Player, en versiones anteriores a la 28.0.0.161. Esta vulnerabilidad ocurre debido a un puntero pendiente en el SDK Primetime relacionado con la funcionalidad de calidad del servicio del media player. Un ataque con \\u00e9xito podr\\u00eda permitir la ejecuci\\u00f3n arbitraria de c\\u00f3digo.\"}]",
      "id": "CVE-2018-4877",
      "lastModified": "2024-11-21T04:07:37.580",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-02-06T21:29:00.253",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/102930\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0285\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://helpx.adobe.com/security/products/flash-player/apsb18-03.html\", \"source\": \"psirt@adobe.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/102930\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:0285\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://helpx.adobe.com/security/products/flash-player/apsb18-03.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "psirt@adobe.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-4877\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2018-02-06T21:29:00.253\",\"lastModified\":\"2024-11-21T04:07:37.580\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player\u0027s quality of service functionality. A successful attack can lead to arbitrary code execution.\"},{\"lang\":\"es\",\"value\":\"Se ha descubierto una vulnerabilidad de uso de memoria previamente liberada en Adobe Flash Player, en versiones anteriores a la 28.0.0.161. Esta vulnerabilidad ocurre debido a un puntero pendiente en el SDK Primetime relacionado con la funcionalidad de calidad del servicio del media player. Un ataque con \u00e9xito podr\u00eda permitir la ejecuci\u00f3n arbitraria de c\u00f3digo.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"28.0.0.161\",\"matchCriteriaId\":\"BB5FEF26-84B9-4C1D-99AC-9E2E52A92390\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BBCD86A-E6C7-4444-9D74-F861084090F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5ED5807-55B7-47C5-97A6-03233F4FBC3A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*\",\"versionEndExcluding\":\"28.0.0.161\",\"matchCriteriaId\":\"EAAD5B21-204E-4215-8892-CF0A78015FF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_11:*:*\",\"versionEndExcluding\":\"28.0.0.161\",\"matchCriteriaId\":\"C28AD3D1-3392-419D-8C5C-182EC92A5DCA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBC814B4-7DEC-4EFC-ABFF-08FFD9FD16AA\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*\",\"versionEndExcluding\":\"28.0.0.161\",\"matchCriteriaId\":\"B5D4890F-79A6-4187-9556-7127678E0E19\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/102930\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0285\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://helpx.adobe.com/security/products/flash-player/apsb18-03.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/102930\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:0285\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://helpx.adobe.com/security/products/flash-player/apsb18-03.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CNVD-2018-05049

Vulnerability from cnvd - Published: 2018-03-13

Title

Adobe Flash Player内存错误引用漏洞（CNVD-2018-05049）

Description

Adobe Flash Player是美国奥多比（Adobe）公司的一款跨平台、基于浏览器的多媒体播放器产品。该产品支持跨屏幕和浏览器查看应用程序、内容和视频。 Adobe Flash Player中存在内存错误引用漏洞。攻击者可利用该漏洞执行任意代码，控制系统。

Severity

高

Patch Name

Adobe Flash Player内存错误引用漏洞（CNVD-2018-05049）的补丁

Patch Description

Adobe Flash Player是美国奥多比（Adobe）公司的一款跨平台、基于浏览器的多媒体播放器产品。该产品支持跨屏幕和浏览器查看应用程序、内容和视频。 Adobe Flash Player中存在内存错误引用漏洞。攻击者可利用该漏洞执行任意代码，控制系统。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://helpx.adobe.com/security/products/flash-player/apsb18-03.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-4877

Impacted products

Name
Adobe Flash Player <28.0.0.161

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "102930"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-4877"
    }
  },
  "description": "Adobe Flash Player\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u8de8\u5e73\u53f0\u3001\u57fa\u4e8e\u6d4f\u89c8\u5668\u7684\u591a\u5a92\u4f53\u64ad\u653e\u5668\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u652f\u6301\u8de8\u5c4f\u5e55\u548c\u6d4f\u89c8\u5668\u67e5\u770b\u5e94\u7528\u7a0b\u5e8f\u3001\u5185\u5bb9\u548c\u89c6\u9891\u3002\r\n\r\nAdobe Flash Player\u4e2d\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u63a7\u5236\u7cfb\u7edf\u3002",
  "discovererName": "bo13oy of Qihoo 360 Vulcan Team working with Trend Micro\u0027s Zero Day Initiative",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://helpx.adobe.com/security/products/flash-player/apsb18-03.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-05049",
  "openTime": "2018-03-13",
  "patchDescription": "Adobe Flash Player\u662f\u7f8e\u56fd\u5965\u591a\u6bd4\uff08Adobe\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u8de8\u5e73\u53f0\u3001\u57fa\u4e8e\u6d4f\u89c8\u5668\u7684\u591a\u5a92\u4f53\u64ad\u653e\u5668\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u652f\u6301\u8de8\u5c4f\u5e55\u548c\u6d4f\u89c8\u5668\u67e5\u770b\u5e94\u7528\u7a0b\u5e8f\u3001\u5185\u5bb9\u548c\u89c6\u9891\u3002\r\n\r\nAdobe Flash Player\u4e2d\u5b58\u5728\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u63a7\u5236\u7cfb\u7edf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Adobe Flash Player\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\uff08CNVD-2018-05049\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Adobe Flash Player \u003c28.0.0.161"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-4877",
  "serverity": "\u9ad8",
  "submitTime": "2018-02-07",
  "title": "Adobe Flash Player\u5185\u5b58\u9519\u8bef\u5f15\u7528\u6f0f\u6d1e\uff08CNVD-2018-05049\uff09"
}

GHSA-HCF8-MXWR-H337

Vulnerability from github – Published: 2022-05-13 01:06 – Updated: 2022-05-13 01:06

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-4877"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-416"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-06T21:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player\u0027s quality of service functionality. A successful attack can lead to arbitrary code execution.",
  "id": "GHSA-hcf8-mxwr-h337",
  "modified": "2022-05-13T01:06:31Z",
  "published": "2022-05-13T01:06:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4877"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0285"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/102930"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2018-4877

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-4877

Aliases

CVE-2018-4877

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-4877",
    "description": "A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player\u0027s quality of service functionality. A successful attack can lead to arbitrary code execution.",
    "id": "GSD-2018-4877",
    "references": [
      "https://access.redhat.com/errata/RHSA-2018:0285",
      "https://advisories.mageia.org/CVE-2018-4877.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-4877"
      ],
      "details": "A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player\u0027s quality of service functionality. A successful attack can lead to arbitrary code execution.",
      "id": "GSD-2018-4877",
      "modified": "2023-12-13T01:22:28.696044Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2018-4877",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Adobe Flash Player before 28.0.0.161",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Adobe Flash Player before 28.0.0.161"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player\u0027s quality of service functionality. A successful attack can lead to arbitrary code execution."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "use-after-free"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html",
            "refsource": "MISC",
            "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html"
          },
          {
            "name": "RHSA-2018:0285",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:0285"
          },
          {
            "name": "102930",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/102930"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "28.0.0.161",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_11:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "28.0.0.161",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "28.0.0.161",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "28.0.0.161",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2018-4877"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player\u0027s quality of service functionality. A successful attack can lead to arbitrary code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-416"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html"
            },
            {
              "name": "102930",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/102930"
            },
            {
              "name": "RHSA-2018:0285",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0285"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-09-08T17:21Z",
      "publishedDate": "2018-02-06T21:29Z"
    }
  }
}

RHSA-2018_0285

Vulnerability from csaf_redhat - Published: 2018-02-07 17:58 - Updated: 2024-11-15 02:06

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 28.0.0.161. Security Fix(es): * This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2018-4877, CVE-2018-4878)

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 28.0.0.161.\n\nSecurity Fix(es):\n\n* This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2018-4877, CVE-2018-4878)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:0285",
        "url": "https://access.redhat.com/errata/RHSA-2018:0285"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html",
        "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html"
      },
      {
        "category": "external",
        "summary": "1541981",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1541981"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_0285.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2024-11-15T02:06:43+00:00",
      "generator": {
        "date": "2024-11-15T02:06:43+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2018:0285",
      "initial_release_date": "2018-02-07T17:58:39+00:00",
      "revision_history": [
        {
          "date": "2018-02-07T17:58:39+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-02-07T17:58:39+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-15T02:06:43+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
                  "product_id": "6Client-Supplementary-6.9.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
                  "product_id": "6Server-Supplementary-6.9.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
                  "product_id": "6Workstation-Supplementary-6.9.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:28.0.0.161-1.el6_9.i686",
                "product": {
                  "name": "flash-plugin-0:28.0.0.161-1.el6_9.i686",
                  "product_id": "flash-plugin-0:28.0.0.161-1.el6_9.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@28.0.0.161-1.el6_9?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:28.0.0.161-1.el6_9.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
          "product_id": "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686"
        },
        "product_reference": "flash-plugin-0:28.0.0.161-1.el6_9.i686",
        "relates_to_product_reference": "6Client-Supplementary-6.9.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:28.0.0.161-1.el6_9.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
          "product_id": "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686"
        },
        "product_reference": "flash-plugin-0:28.0.0.161-1.el6_9.i686",
        "relates_to_product_reference": "6Server-Supplementary-6.9.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:28.0.0.161-1.el6_9.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
          "product_id": "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686"
        },
        "product_reference": "flash-plugin-0:28.0.0.161-1.el6_9.i686",
        "relates_to_product_reference": "6Workstation-Supplementary-6.9.z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-4877",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2018-02-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1541981"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player\u0027s quality of service functionality. A successful attack can lead to arbitrary code execution.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: use-after-free causing remote code execution (APSB18-03)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686",
          "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686",
          "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-4877"
        },
        {
          "category": "external",
          "summary": "RHBZ#1541981",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1541981"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-4877",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-4877"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-4877",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4877"
        },
        {
          "category": "external",
          "summary": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html",
          "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html"
        }
      ],
      "release_date": "2018-02-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-02-07T17:58:39+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686",
            "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686",
            "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:0285"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686",
            "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686",
            "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: use-after-free causing remote code execution (APSB18-03)"
    },
    {
      "cve": "CVE-2018-4878",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2018-02-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1541981"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: use-after-free causing remote code execution (APSB18-03)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686",
          "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686",
          "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-4878"
        },
        {
          "category": "external",
          "summary": "RHBZ#1541981",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1541981"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-4878",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-4878"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-4878",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4878"
        },
        {
          "category": "external",
          "summary": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html",
          "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2018-02-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-02-07T17:58:39+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686",
            "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686",
            "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:0285"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686",
            "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686",
            "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2021-11-03T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: use-after-free causing remote code execution (APSB18-03)"
    }
  ]
}

RHSA-2018:0285

Vulnerability from csaf_redhat - Published: 2018-02-07 17:58 - Updated: 2025-11-21 18:03

Summary

Red Hat Security Advisory: flash-plugin security update

Notes

Topic

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.\n\nThis update upgrades Flash Player to version 28.0.0.161.\n\nSecurity Fix(es):\n\n* This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2018-4877, CVE-2018-4878)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:0285",
        "url": "https://access.redhat.com/errata/RHSA-2018:0285"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html",
        "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html"
      },
      {
        "category": "external",
        "summary": "1541981",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1541981"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_0285.json"
      }
    ],
    "title": "Red Hat Security Advisory: flash-plugin security update",
    "tracking": {
      "current_release_date": "2025-11-21T18:03:40+00:00",
      "generator": {
        "date": "2025-11-21T18:03:40+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2018:0285",
      "initial_release_date": "2018-02-07T17:58:39+00:00",
      "revision_history": [
        {
          "date": "2018-02-07T17:58:39+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-02-07T17:58:39+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T18:03:40+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
                  "product_id": "6Client-Supplementary-6.9.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)",
                  "product_id": "6Server-Supplementary-6.9.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
                "product": {
                  "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
                  "product_id": "6Workstation-Supplementary-6.9.z",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhel_extras:6"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux Supplementary"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "flash-plugin-0:28.0.0.161-1.el6_9.i686",
                "product": {
                  "name": "flash-plugin-0:28.0.0.161-1.el6_9.i686",
                  "product_id": "flash-plugin-0:28.0.0.161-1.el6_9.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/flash-plugin@28.0.0.161-1.el6_9?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:28.0.0.161-1.el6_9.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)",
          "product_id": "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686"
        },
        "product_reference": "flash-plugin-0:28.0.0.161-1.el6_9.i686",
        "relates_to_product_reference": "6Client-Supplementary-6.9.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:28.0.0.161-1.el6_9.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)",
          "product_id": "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686"
        },
        "product_reference": "flash-plugin-0:28.0.0.161-1.el6_9.i686",
        "relates_to_product_reference": "6Server-Supplementary-6.9.z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "flash-plugin-0:28.0.0.161-1.el6_9.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)",
          "product_id": "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686"
        },
        "product_reference": "flash-plugin-0:28.0.0.161-1.el6_9.i686",
        "relates_to_product_reference": "6Workstation-Supplementary-6.9.z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-4877",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2018-02-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1541981"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player\u0027s quality of service functionality. A successful attack can lead to arbitrary code execution.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: use-after-free causing remote code execution (APSB18-03)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686",
          "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686",
          "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-4877"
        },
        {
          "category": "external",
          "summary": "RHBZ#1541981",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1541981"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-4877",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-4877"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-4877",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4877"
        },
        {
          "category": "external",
          "summary": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html",
          "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html"
        }
      ],
      "release_date": "2018-02-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-02-07T17:58:39+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686",
            "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686",
            "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:0285"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686",
            "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686",
            "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: use-after-free causing remote code execution (APSB18-03)"
    },
    {
      "cve": "CVE-2018-4878",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "discovery_date": "2018-02-01T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1541981"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "flash-plugin: use-after-free causing remote code execution (APSB18-03)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686",
          "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686",
          "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2018-4878"
        },
        {
          "category": "external",
          "summary": "RHBZ#1541981",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1541981"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2018-4878",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-4878"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-4878",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-4878"
        },
        {
          "category": "external",
          "summary": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html",
          "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html"
        },
        {
          "category": "external",
          "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
          "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        }
      ],
      "release_date": "2018-02-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2018-02-07T17:58:39+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686",
            "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686",
            "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:0285"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "6Client-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686",
            "6Server-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686",
            "6Workstation-Supplementary-6.9.z:flash-plugin-0:28.0.0.161-1.el6_9.i686"
          ]
        }
      ],
      "threats": [
        {
          "category": "exploit_status",
          "date": "2021-11-03T00:00:00+00:00",
          "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
        },
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "flash-plugin: use-after-free causing remote code execution (APSB18-03)"
    }
  ]
}

CERTFR-2018-AVI-072

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découverte dans les produits Microsoft Windows utilisant le composant Adobe Flash Player. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows Server 2012
Microsoft	Windows	Windows Server 2012 R2
Microsoft	Windows	Windows 10
Microsoft	Windows	Windows RT 8.1
Microsoft	Windows	Windows Server 2016
Microsoft	Windows	Windows 8.1

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft ADV180004 du 6 février 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows Server 2012",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows RT 8.1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 8.1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-4877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4877"
    },
    {
      "name": "CVE-2018-4878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4878"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-072",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-02-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couverte dans les produits\nMicrosoft Windows utilisant le composant Adobe Flash Player. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft Windows utilisant le composant Adobe Flash Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft ADV180004 du 6 f\u00e9vrier 2018",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180004"
    }
  ]
}

CERTFR-2018-AVI-072

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Windows Server 2012
Microsoft	Windows	Windows Server 2012 R2
Microsoft	Windows	Windows 10
Microsoft	Windows	Windows RT 8.1
Microsoft	Windows	Windows Server 2016
Microsoft	Windows	Windows 8.1

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft ADV180004 du 6 février 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Windows Server 2012",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2012 R2",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 10",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows RT 8.1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows Server 2016",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Windows 8.1",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-4877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4877"
    },
    {
      "name": "CVE-2018-4878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4878"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-072",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-02-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couverte dans les produits\nMicrosoft Windows utilisant le composant Adobe Flash Player. Elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft Windows utilisant le composant Adobe Flash Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft ADV180004 du 6 f\u00e9vrier 2018",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180004"
    }
  ]
}

CERTFR-2018-AVI-071

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Adobe Flash Player. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	N/A	Adobe Flash Player Desktop Runtime versions 28.0.0.137 et antérieures sur Linux
Adobe	N/A	Adobe Flash Player pour Microsoft Edge and Internet Explorer 11 versions 28.0.0.137 et antérieures sur Windows 10 et 8.1
Adobe	N/A	Adobe Flash Player Desktop Runtime versions 28.0.0.137 et antérieures sur Windows et Macintosh
Adobe	N/A	Adobe Flash Player pour Google Chrome versions 28.0.0.137 et antérieures sur Windows, Macintosh, Linux et Chrome OS

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB18-03 du 6 février 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player Desktop Runtime versions 28.0.0.137 et ant\u00e9rieures sur Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player pour Microsoft Edge and Internet Explorer 11 versions 28.0.0.137 et ant\u00e9rieures sur Windows 10 et 8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player Desktop Runtime versions 28.0.0.137 et ant\u00e9rieures sur Windows et Macintosh",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player pour Google Chrome versions 28.0.0.137 et ant\u00e9rieures sur Windows, Macintosh, Linux et Chrome OS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-4877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4877"
    },
    {
      "name": "CVE-2018-4878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4878"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-071",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-02-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Adobe Flash Player.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9 dans Adobe Flash Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB18-03 du 6 f\u00e9vrier 2018",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html"
    }
  ]
}

CERTFR-2018-AVI-071

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Adobe Flash Player. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	N/A	Adobe Flash Player Desktop Runtime versions 28.0.0.137 et antérieures sur Linux
Adobe	N/A	Adobe Flash Player pour Microsoft Edge and Internet Explorer 11 versions 28.0.0.137 et antérieures sur Windows 10 et 8.1
Adobe	N/A	Adobe Flash Player Desktop Runtime versions 28.0.0.137 et antérieures sur Windows et Macintosh
Adobe	N/A	Adobe Flash Player pour Google Chrome versions 28.0.0.137 et antérieures sur Windows, Macintosh, Linux et Chrome OS

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe APSB18-03 du 6 février 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player Desktop Runtime versions 28.0.0.137 et ant\u00e9rieures sur Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player pour Microsoft Edge and Internet Explorer 11 versions 28.0.0.137 et ant\u00e9rieures sur Windows 10 et 8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player Desktop Runtime versions 28.0.0.137 et ant\u00e9rieures sur Windows et Macintosh",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player pour Google Chrome versions 28.0.0.137 et ant\u00e9rieures sur Windows, Macintosh, Linux et Chrome OS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-4877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4877"
    },
    {
      "name": "CVE-2018-4878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4878"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-071",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-02-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Adobe Flash Player.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9 dans Adobe Flash Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe APSB18-03 du 6 f\u00e9vrier 2018",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html"
    }
  ]
}

CERTFR-2018-ALE-003

Vulnerability from certfr_alerte - Published: - Updated:

Le 01 février 2018, Adobe a publié un avis de sécurité concernant une vulnérabilité de type 0-jour affectant Flash Player.

Cette vulnérabilité, portant l'identifiant CVE-2018-4878, permet une exécution de code arbitraire à distance.

Adobe indique que cette vulnérabilité est activement exploitée dans le cadre d'attaques ciblées.

Le vecteur de distribution constaté jusqu'à présent est un courriel d'hameçonnage ciblé avec un fichier Office contenant la charge malveillante.

Toutefois, l'exploitation de cette vulnérabilité dans le contexte d'un navigateur est possible dès lors qu'un greffon Flash Player est activé.

Solution

Le 6 février 2018, Adobe a publié un bulletin annonçant un correctif pour les systèmes affectés par les vulnérabilités CVE-2018-4878 et CVE-2018-4877.

À la même date, Microsoft annonce l'intégration de ce correctif pour ses systèmes Windows utilisant Adobe Flash Player dans un bulletin de sécurité hors de son cycle de mises à jour mensuelles (cf. section Documentation).

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Contournement provisoire

Dans l'attente des correctifs prévus pour la semaine du 5 février 2018, le CERT-FR recommande :

de s'assurer que le mode protégé d'Office est bien activé car il empêche l'exécution automatique, entre autres, de Flash pour les documents téléchargés sur internet (cf. section Documentation) ;
que les utilisateurs respectent le guide des bonnes pratiques de l'informatique de l'ANSSI (cf. section Documentation) ;
de désactiver, voire de désinstaller les greffons Flash Player ; à ce titre, des conseils sont disponibles dans le bulletin d'actualité CERTFR-2016-ACT-052 (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	N/A	Adobe Flash Player Desktop Runtime versions 28.0.0.137 et antérieures sur Linux
Adobe	N/A	Adobe Flash Player Desktop Runtime versions 28.0.0.137 et antérieures sur Windows et Macintosh
Adobe	N/A	Adobe Flash Player pour Google Chrome versions 28.0.0.137 et antérieures sur Windows, Macintosh, Linux et Chrome OS
Adobe	N/A	Adobe Flash Player for Microsoft Edge et Internet Explorer 11 versions 28.0.0.137 et antérieures sur Windows 10 et 8.1

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe apsa18-03 du 06 février 2018	None	vendor-advisory
Bulletin de sécurité Adobe apsa18-01 du 01 février 2018	None	vendor-advisory
Bulletin d'actualité CERT-FR CERTFR-2016-ACT-052	-	other
Guide des bonnes pratiques de l'informatique	-	other
Avis CERT-FR CERTFR-2018-AVI-072 Multiples vulnérabilités dans les produits Microsoft Windows utilisant le composant Adobe Flash Player	-	other
Office mode protégé	-	other
Avis CERT-FR CERTFR-2018-AVI-071 Multiples vulnérabilité dans Adobe Flash Player	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player Desktop Runtime versions 28.0.0.137 et ant\u00e9rieures sur Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player Desktop Runtime versions 28.0.0.137 et ant\u00e9rieures sur Windows et Macintosh",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player pour Google Chrome versions 28.0.0.137 et ant\u00e9rieures sur Windows, Macintosh, Linux et Chrome OS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player for Microsoft Edge et Internet Explorer 11 versions 28.0.0.137 et ant\u00e9rieures sur Windows 10 et 8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2018-02-07",
  "content": "## Solution\n\nLe 6 f\u00e9vrier 2018, Adobe a publi\u00e9 un bulletin annon\u00e7ant un correctif\npour les syst\u00e8mes affect\u00e9s par les vuln\u00e9rabilit\u00e9s CVE-2018-4878 et\nCVE-2018-4877.\n\n\u00c0 la m\u00eame date, Microsoft annonce l\u0027int\u00e9gration de ce correctif pour ses\nsyst\u00e8mes Windows utilisant Adobe Flash Player dans un bulletin de\ns\u00e9curit\u00e9 hors de son cycle de mises \u00e0 jour mensuelles (cf. section\nDocumentation).\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n## Contournement provisoire\n\nDans l\u0027attente des correctifs pr\u00e9vus pour la semaine du 5 f\u00e9vrier 2018,\nle CERT-FR recommande :\n\n-   de s\u0027assurer que le mode prot\u00e9g\u00e9 d\u0027Office est bien activ\u00e9 car il\n    emp\u00eache l\u0027ex\u00e9cution automatique, entre autres, de Flash pour les\n    documents t\u00e9l\u00e9charg\u00e9s sur internet (cf. section Documentation) ;\n-   que les utilisateurs respectent le guide des bonnes pratiques de\n    l\u0027informatique de l\u0027ANSSI\u00a0(cf. section Documentation) ;\n-   de d\u00e9sactiver, voire de d\u00e9sinstaller les greffons Flash Player ; \u00e0\n    ce titre, des conseils sont disponibles dans le bulletin\n    d\u0027actualit\u00e9\u00a0CERTFR-2016-ACT-052 (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-4878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4878"
    },
    {
      "name": "CVE-2018-4877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4877"
    }
  ],
  "links": [
    {
      "title": "Bulletin d\u0027actualit\u00e9 CERT-FR CERTFR-2016-ACT-052",
      "url": "https://www.cert.ssi.gouv.fr/actualite/CERTFR-2016-ACT-052/"
    },
    {
      "title": "Guide des bonnes pratiques de l\u0027informatique",
      "url": "https://www.ssi.gouv.fr/particulier/guide/guide-des-bonnes-pratiques-de-linformatique/"
    },
    {
      "title": "Avis CERT-FR CERTFR-2018-AVI-072 Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft Windows utilisant le composant Adobe Flash Player",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-072"
    },
    {
      "title": "Office mode prot\u00e9g\u00e9",
      "url": "https://support.office.com/fr-fr/article/qu-est-ce-que-le-mode-prot%c3%a9g%c3%a9-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653?ui=fr-FR\u0026rs=fr-FR\u0026ad=FR#bm5"
    },
    {
      "title": "Avis CERT-FR CERTFR-2018-AVI-071 Multiples vuln\u00e9rabilit\u00e9 dans Adobe Flash Player",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-071"
    }
  ],
  "reference": "CERTFR-2018-ALE-003",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-02-02T00:00:00.000000"
    },
    {
      "description": "Pas de nouveau contenu",
      "revision_date": "2018-02-02T00:00:00.000000"
    },
    {
      "description": "Mise \u00e0 jour suite \u00e0 la publication d\u0027un correctif par Adobe. Cl\u00f4ture de l\u0027alerte.",
      "revision_date": "2018-02-07T00:00:00.000000"
    },
    {
      "description": "Mise \u00e0 jour suite \u00e0 la publication d\u0027un correctif par Adobe. Cl\u00f4ture de l\u0027alerte.",
      "revision_date": "2018-02-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Le 01 f\u00e9vrier 2018, Adobe a publi\u00e9 un avis de s\u00e9curit\u00e9 concernant une\nvuln\u00e9rabilit\u00e9 de type 0-jour affectant Flash Player.\n\nCette vuln\u00e9rabilit\u00e9, portant l\u0027identifiant CVE-2018-4878, permet une\nex\u00e9cution de code arbitraire \u00e0 distance.\n\nAdobe indique que cette vuln\u00e9rabilit\u00e9 est activement exploit\u00e9e dans le\ncadre d\u0027attaques cibl\u00e9es.\n\nLe vecteur de distribution constat\u00e9 jusqu\u0027\u00e0 pr\u00e9sent est un courriel\nd\u0027hame\u00e7onnage cibl\u00e9 avec un fichier Office contenant la charge\nmalveillante.\n\nToutefois, l\u0027exploitation de cette vuln\u00e9rabilit\u00e9 dans le contexte d\u0027un\nnavigateur est possible d\u00e8s lors qu\u0027un greffon Flash Player est activ\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Adobe Flash Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsa18-03 du 06 f\u00e9vrier 2018",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsa18-03.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsa18-01 du 01 f\u00e9vrier 2018",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsa18-01.html"
    }
  ]
}

CERTFR-2018-ALE-003

Vulnerability from certfr_alerte - Published: - Updated:

Le 01 février 2018, Adobe a publié un avis de sécurité concernant une vulnérabilité de type 0-jour affectant Flash Player.

Cette vulnérabilité, portant l'identifiant CVE-2018-4878, permet une exécution de code arbitraire à distance.

Adobe indique que cette vulnérabilité est activement exploitée dans le cadre d'attaques ciblées.

Le vecteur de distribution constaté jusqu'à présent est un courriel d'hameçonnage ciblé avec un fichier Office contenant la charge malveillante.

Toutefois, l'exploitation de cette vulnérabilité dans le contexte d'un navigateur est possible dès lors qu'un greffon Flash Player est activé.

Solution

Le 6 février 2018, Adobe a publié un bulletin annonçant un correctif pour les systèmes affectés par les vulnérabilités CVE-2018-4878 et CVE-2018-4877.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Contournement provisoire

Dans l'attente des correctifs prévus pour la semaine du 5 février 2018, le CERT-FR recommande :

de s'assurer que le mode protégé d'Office est bien activé car il empêche l'exécution automatique, entre autres, de Flash pour les documents téléchargés sur internet (cf. section Documentation) ;
que les utilisateurs respectent le guide des bonnes pratiques de l'informatique de l'ANSSI (cf. section Documentation) ;
de désactiver, voire de désinstaller les greffons Flash Player ; à ce titre, des conseils sont disponibles dans le bulletin d'actualité CERTFR-2016-ACT-052 (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	N/A	Adobe Flash Player Desktop Runtime versions 28.0.0.137 et antérieures sur Linux
Adobe	N/A	Adobe Flash Player Desktop Runtime versions 28.0.0.137 et antérieures sur Windows et Macintosh
Adobe	N/A	Adobe Flash Player pour Google Chrome versions 28.0.0.137 et antérieures sur Windows, Macintosh, Linux et Chrome OS
Adobe	N/A	Adobe Flash Player for Microsoft Edge et Internet Explorer 11 versions 28.0.0.137 et antérieures sur Windows 10 et 8.1

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe apsa18-03 du 06 février 2018	None	vendor-advisory
Bulletin de sécurité Adobe apsa18-01 du 01 février 2018	None	vendor-advisory
Bulletin d'actualité CERT-FR CERTFR-2016-ACT-052	-	other
Guide des bonnes pratiques de l'informatique	-	other
Avis CERT-FR CERTFR-2018-AVI-072 Multiples vulnérabilités dans les produits Microsoft Windows utilisant le composant Adobe Flash Player	-	other
Office mode protégé	-	other
Avis CERT-FR CERTFR-2018-AVI-071 Multiples vulnérabilité dans Adobe Flash Player	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player Desktop Runtime versions 28.0.0.137 et ant\u00e9rieures sur Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player Desktop Runtime versions 28.0.0.137 et ant\u00e9rieures sur Windows et Macintosh",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player pour Google Chrome versions 28.0.0.137 et ant\u00e9rieures sur Windows, Macintosh, Linux et Chrome OS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player for Microsoft Edge et Internet Explorer 11 versions 28.0.0.137 et ant\u00e9rieures sur Windows 10 et 8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2018-02-07",
  "content": "## Solution\n\nLe 6 f\u00e9vrier 2018, Adobe a publi\u00e9 un bulletin annon\u00e7ant un correctif\npour les syst\u00e8mes affect\u00e9s par les vuln\u00e9rabilit\u00e9s CVE-2018-4878 et\nCVE-2018-4877.\n\n\u00c0 la m\u00eame date, Microsoft annonce l\u0027int\u00e9gration de ce correctif pour ses\nsyst\u00e8mes Windows utilisant Adobe Flash Player dans un bulletin de\ns\u00e9curit\u00e9 hors de son cycle de mises \u00e0 jour mensuelles (cf. section\nDocumentation).\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n## Contournement provisoire\n\nDans l\u0027attente des correctifs pr\u00e9vus pour la semaine du 5 f\u00e9vrier 2018,\nle CERT-FR recommande :\n\n-   de s\u0027assurer que le mode prot\u00e9g\u00e9 d\u0027Office est bien activ\u00e9 car il\n    emp\u00eache l\u0027ex\u00e9cution automatique, entre autres, de Flash pour les\n    documents t\u00e9l\u00e9charg\u00e9s sur internet (cf. section Documentation) ;\n-   que les utilisateurs respectent le guide des bonnes pratiques de\n    l\u0027informatique de l\u0027ANSSI\u00a0(cf. section Documentation) ;\n-   de d\u00e9sactiver, voire de d\u00e9sinstaller les greffons Flash Player ; \u00e0\n    ce titre, des conseils sont disponibles dans le bulletin\n    d\u0027actualit\u00e9\u00a0CERTFR-2016-ACT-052 (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-4878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4878"
    },
    {
      "name": "CVE-2018-4877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4877"
    }
  ],
  "links": [
    {
      "title": "Bulletin d\u0027actualit\u00e9 CERT-FR CERTFR-2016-ACT-052",
      "url": "https://www.cert.ssi.gouv.fr/actualite/CERTFR-2016-ACT-052/"
    },
    {
      "title": "Guide des bonnes pratiques de l\u0027informatique",
      "url": "https://www.ssi.gouv.fr/particulier/guide/guide-des-bonnes-pratiques-de-linformatique/"
    },
    {
      "title": "Avis CERT-FR CERTFR-2018-AVI-072 Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft Windows utilisant le composant Adobe Flash Player",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-072"
    },
    {
      "title": "Office mode prot\u00e9g\u00e9",
      "url": "https://support.office.com/fr-fr/article/qu-est-ce-que-le-mode-prot%c3%a9g%c3%a9-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653?ui=fr-FR\u0026rs=fr-FR\u0026ad=FR#bm5"
    },
    {
      "title": "Avis CERT-FR CERTFR-2018-AVI-071 Multiples vuln\u00e9rabilit\u00e9 dans Adobe Flash Player",
      "url": "https://www.cert.ssi.gouv.fr/avis/CERTFR-2018-AVI-071"
    }
  ],
  "reference": "CERTFR-2018-ALE-003",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-02-02T00:00:00.000000"
    },
    {
      "description": "Pas de nouveau contenu",
      "revision_date": "2018-02-02T00:00:00.000000"
    },
    {
      "description": "Mise \u00e0 jour suite \u00e0 la publication d\u0027un correctif par Adobe. Cl\u00f4ture de l\u0027alerte.",
      "revision_date": "2018-02-07T00:00:00.000000"
    },
    {
      "description": "Mise \u00e0 jour suite \u00e0 la publication d\u0027un correctif par Adobe. Cl\u00f4ture de l\u0027alerte.",
      "revision_date": "2018-02-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Le 01 f\u00e9vrier 2018, Adobe a publi\u00e9 un avis de s\u00e9curit\u00e9 concernant une\nvuln\u00e9rabilit\u00e9 de type 0-jour affectant Flash Player.\n\nCette vuln\u00e9rabilit\u00e9, portant l\u0027identifiant CVE-2018-4878, permet une\nex\u00e9cution de code arbitraire \u00e0 distance.\n\nAdobe indique que cette vuln\u00e9rabilit\u00e9 est activement exploit\u00e9e dans le\ncadre d\u0027attaques cibl\u00e9es.\n\nLe vecteur de distribution constat\u00e9 jusqu\u0027\u00e0 pr\u00e9sent est un courriel\nd\u0027hame\u00e7onnage cibl\u00e9 avec un fichier Office contenant la charge\nmalveillante.\n\nToutefois, l\u0027exploitation de cette vuln\u00e9rabilit\u00e9 dans le contexte d\u0027un\nnavigateur est possible d\u00e8s lors qu\u0027un greffon Flash Player est activ\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Adobe Flash Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsa18-03 du 06 f\u00e9vrier 2018",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsa18-03.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsa18-01 du 01 f\u00e9vrier 2018",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsa18-01.html"
    }
  ]
}

FKIE_CVE-2018-4877

Vulnerability from fkie_nvd - Published: 2018-02-06 21:29 - Updated: 2024-11-21 04:07

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
psirt@adobe.com	http://www.securityfocus.com/bid/102930	Third Party Advisory, VDB Entry
psirt@adobe.com	https://access.redhat.com/errata/RHSA-2018:0285	Third Party Advisory
psirt@adobe.com	https://helpx.adobe.com/security/products/flash-player/apsb18-03.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/102930	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://access.redhat.com/errata/RHSA-2018:0285	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/flash-player/apsb18-03.html	Vendor Advisory

Impacted products

Vendor	Product	Version
adobe	flash_player	*
apple	macos	-
linux	linux_kernel	-
microsoft	windows	-
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_workstation	6.0
adobe	flash_player	*
adobe	flash_player	*
microsoft	windows_10	*
microsoft	windows_8.1	*
adobe	flash_player	*
apple	macos	-
google	chrome_os	-
linux	linux_kernel	-
microsoft	windows	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB5FEF26-84B9-4C1D-99AC-9E2E52A92390",
              "versionEndExcluding": "28.0.0.161",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*",
              "matchCriteriaId": "EAAD5B21-204E-4215-8892-CF0A78015FF9",
              "versionEndExcluding": "28.0.0.161",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_11:*:*",
              "matchCriteriaId": "C28AD3D1-3392-419D-8C5C-182EC92A5DCA",
              "versionEndExcluding": "28.0.0.161",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBC814B4-7DEC-4EFC-ABFF-08FFD9FD16AA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*",
              "matchCriteriaId": "B5D4890F-79A6-4187-9556-7127678E0E19",
              "versionEndExcluding": "28.0.0.161",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player\u0027s quality of service functionality. A successful attack can lead to arbitrary code execution."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto una vulnerabilidad de uso de memoria previamente liberada en Adobe Flash Player, en versiones anteriores a la 28.0.0.161. Esta vulnerabilidad ocurre debido a un puntero pendiente en el SDK Primetime relacionado con la funcionalidad de calidad del servicio del media player. Un ataque con \u00e9xito podr\u00eda permitir la ejecuci\u00f3n arbitraria de c\u00f3digo."
    }
  ],
  "id": "CVE-2018-4877",
  "lastModified": "2024-11-21T04:07:37.580",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-02-06T21:29:00.253",
  "references": [
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102930"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0285"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102930"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0285"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb18-03.html"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-4877 (GCVE-0-2018-4877)

Solution

Solution

Solution

Solution

Solution

Contournement provisoire

Solution

Contournement provisoire

Tags

Sightings

Nomenclature