Adobe Flash Player <= 29.0.0.113 (apsb18-08)

Mar 20, 2019 Versions of Adobe Flash Player prior to 29.0.0.140 are unpatched, and therefore affected by multiple vulnerabilities: A Use-After-Free vulnerability exists that could lead to arbitrary code execution. (CVE-2018-4932) Multiple out-of-bounds read vulnerabilities exist that could lead to information disclosure. (CVE-2018-4933, CVE-2018-4934, CVE-2018-4935, CVE-2018-4937) A heap overflow. May 07, 2018 In Flash Player 29.0.0.113 Notification Update workflow was changed from Flash Player itself to a Task. Up until 28.0.0.161, Flash Player itself performed the check (for a new version) when Flash content was viewed. As of 29.0.0.113 this functionality was moved to a Task (Adobe Flash Player NPAPI Notifier Task). The Adobe Flash Player is freeware software for viewing multimedia, executing Rich Internet Applications, and streaming video and audio, content created on the Adobe Flash platform. Notes This vendor versions software only by the latest major version so -version parameter wich targets specific minor version will always install latest minor version.

  1. Adobe Flash Player 29.0 Download
All words(adobe flash player free

Adobe Flash Player 29.0 Download

Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Publish Date : 2018-05-19 Last Update Date : 2019-03-07
Scroll To Comments External Links

- CVSS Scores & Vulnerability Types

CVSS Score
Confidentiality ImpactComplete(There is total information disclosure, resulting in all system files being revealed.)
Integrity ImpactComplete(There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
Availability ImpactComplete(There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access ComplexityLow(Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
AuthenticationNot required(Authentication is not required to exploit the vulnerability.)
Gained AccessNone
Vulnerability Type(s)Execute Code
CWE ID787

- Products Affected By CVE-2018-4937

#Product TypeVendorProductVersionUpdateEditionLanguage
No vulnerable product found. If the vulnerability is created recently it may take a few days to gather vulnerable products list and other information like cvss scores. Please check again in a few days.

- References For CVE-2018-4937

http://www.securityfocus.com/bid/103708
BID 103708 Adobe Flash Player APSB18-08 Multiple Security Vulnerabilities Release Date:2018-04-16
https://security.gentoo.org/glsa/201804-11
GENTOO GLSA-201804-11
http://www.securitytracker.com/id/1040648
SECTRACK 1040648
https://access.redhat.com/errata/RHSA-2018:1119
REDHAT RHSA-2018:1119
https://www.exploit-db.com/exploits/44529/
EXPLOIT-DB 44529
https://helpx.adobe.com/security/products/flash-player/apsb18-08.html

- Metasploit Modules Related To CVE-2018-4937

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)