Mar 20, 2019 Versions of Adobe Flash Player prior to 29.0.0.140 are unpatched, and therefore affected by multiple vulnerabilities: A Use-After-Free vulnerability exists that could lead to arbitrary code execution. (CVE-2018-4932) Multiple out-of-bounds read vulnerabilities exist that could lead to information disclosure. (CVE-2018-4933, CVE-2018-4934, CVE-2018-4935, CVE-2018-4937) A heap overflow. May 07, 2018 In Flash Player 29.0.0.113 Notification Update workflow was changed from Flash Player itself to a Task. Up until 28.0.0.161, Flash Player itself performed the check (for a new version) when Flash content was viewed. As of 29.0.0.113 this functionality was moved to a Task (Adobe Flash Player NPAPI Notifier Task). The Adobe Flash Player is freeware software for viewing multimedia, executing Rich Internet Applications, and streaming video and audio, content created on the Adobe Flash platform. Notes This vendor versions software only by the latest major version so -version parameter wich targets specific minor version will always install latest minor version.
- Adobe Flash Player 29.0 Download
Adobe Flash Player 29.0 Download
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Publish Date : 2018-05-19 Last Update Date : 2019-03-07 | Scroll To | Comments | External Links |
- CVSS Scores & Vulnerability Types | CVSS Score |
|---|
| Confidentiality Impact | Complete(There is total information disclosure, resulting in all system files being revealed.) |
|---|
| Integrity Impact | Complete(There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.) |
|---|
| Availability Impact | Complete(There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.) |
|---|
| Access Complexity | Low(Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. ) |
|---|
| Authentication | Not required(Authentication is not required to exploit the vulnerability.) |
|---|
| Gained Access | None |
|---|
| Vulnerability Type(s) | Execute Code |
|---|
| CWE ID | 787 |
|---|
|
- Products Affected By CVE-2018-4937 | # | Product Type | Vendor | Product | Version | Update | Edition | Language |
|---|
No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days. |
- References For CVE-2018-4937 http://www.securityfocus.com/bid/103708
BID 103708 Adobe Flash Player APSB18-08 Multiple Security Vulnerabilities Release Date:2018-04-16 | https://security.gentoo.org/glsa/201804-11
GENTOO GLSA-201804-11 | http://www.securitytracker.com/id/1040648
SECTRACK 1040648 | https://access.redhat.com/errata/RHSA-2018:1119
REDHAT RHSA-2018:1119 | https://www.exploit-db.com/exploits/44529/
EXPLOIT-DB 44529 | https://helpx.adobe.com/security/products/flash-player/apsb18-08.html
|
|
- Metasploit Modules Related To CVE-2018-4937There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)
|