Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Versions of Adobe Flash Player prior to 30.0.0.154 are unpatched, and therefore affected by multiple vulnerabilities :

 - An out-of-bounds read vulnerability exists that could lead to information disclosure. (CVE-2018-12824, CVE-2018-12826, CVE-2018-12827)
 - A security bypass vulnerability exists that could lead to security mitigation bypass. (CVE-2018-12825)
 - A "use of a component with a known vulnerability" vulnerability exists that could lead to privilege escalation. (CVE-2018-12828)

An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

This update upgrades Flash Player to version 30.0.0.154.

Security Fix(es) :

* flash-plugin: Information Disclosure vulnerabilities (APSB18-25) (CVE-2018-12824, CVE-2018-12826, CVE-2018-12827)

* flash-plugin: Security Mitigation Bypass vulnerability (APSB18-25) (CVE-2018-12825)

* flash-plugin: Privilege Escalation vulnerability (APSB18-25) (CVE-2018-12828)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Adobe reports :

- This update resolves out-of-bounds read vulnerabilities that could lead to information disclosure (CVE-2018-12824, CVE-2018-12826, CVE-2018-12827).

- This update resolves a security bypass vulnerability that could lead to security mitigation bypass (CVE-2018-12825).

- This update resolves a component vulnerability that could lead to privilege escalation (CVE-2018-12828).

The remote Windows host is missing security update KB4343902. It is, therefore, affected by multiple remote code execution vulnerabilities in Adobe Flash Player.

The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 30.0.0.134. It is therefore affected by multiple vulnerabilities.

The version of Adobe Flash Player installed on the remote macOS or Mac OS X host is equal or prior to version 30.0.0.134.
It is therefore affected by multiple vulnerabilities.

ID	Name	Product	Family	Severity
700436	Flash Player < 30.0.0.154 Multiple Vulnerabilities (APSB18-25)	Nessus Network Monitor	Web Clients	high
111776	RHEL 6 : flash-plugin (RHSA-2018:2435)	Nessus	Red Hat Local Security Checks	critical
111721	FreeBSD : Flash Player -- multiple vulnerabilities (98b603c8-9ff3-11e8-ad63-6451062f0f7a)	Nessus	FreeBSD Local Security Checks	critical
111691	KB4343902: Security update for Adobe Flash Player (August 2018)	Nessus	Windows : Microsoft Bulletins	critical
111683	Adobe Flash Player <= 30.0.0.134 (APSB18-25)	Nessus	Windows	critical
111681	Adobe Flash Player for Mac <= 30.0.0.134 (APSB18-25)	Nessus	MacOS X Local Security Checks	critical

Detections

Analytics

CVE-2018-12827

high

Tenable Plugins

high

critical

critical

critical

critical

critical