Vulnerabilities Threats

English Russian Japanese LatAm Türkiye Brasil France Český Deutschland

KLA11223
Multiple vulnerabilities in Adobe Flash Player
Updated: 06/18/2020
Detect date
?
 04/10/2018
Severity
?
 Critical
Description

Multiple serious vulnerabilities have been found in Adobe Flash Player. Malicious users can exploit these vulnerabilities to execute arbitrary code and obtain sensitive information.

  1. Use-After-Free vulnerability can be exploited remotely to execute arbitrary code;
  2. Out-of-bounds reading vulnerabilities can be exploited remotely to obtain sensitive information;
  3. Out-of-bounds writing vulnerabilities can be exploited remotely to execute arbitrary code;
  4. Heap overflow vulnerability can be exploited remotely to obtain sensitive information.

Technical details

To update Adobe Flash Player ActiveX (detected as Flash.ocx) on Windows 8 and higher, install latest updates from Control Panel
Affected products

Adobe Flash Player earlier than 29.0.0.140
Solution

Update to the latest version
Download Adobe Flash Player
Original advisories

APSB18-08
Impacts
?
ACE 
[?]

OSI 
[?]
Related products
 Adobe Flash Player ActiveX
Adobe Flash Player NPAPI
Adobe Flash Player PPAPI
CVE-IDS
?
CVE-2018-49334.0Warning
CVE-2018-49345.0Critical
CVE-2018-493510.0Critical
CVE-2018-49365.0Critical
CVE-2018-493710.0Critical
CVE-2018-49329.0Critical
Exploitation

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/44528

https://www.exploit-db.com/exploits/44527

https://www.exploit-db.com/exploits/44526

https://www.exploit-db.com/exploits/44529
© 2020 AO Kaspersky Lab. All Rights Reserved.
Privacy Policy

Up