CVE-2018-15978

MEDIUM

Description

Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

References

http://www.securityfocus.com/bid/105909

http://www.securitytracker.com/id/1042098

https://access.redhat.com/errata/RHSA-2018:3618

https://helpx.adobe.com/security/products/flash-player/apsb18-39.html

Details

Source: MITRE

Published: 2018-11-29

Updated: 2018-12-28

Type: CWE-125

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*

OR

cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2

AND

OR

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*

OR

cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*

cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 3

AND

OR

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_11:*:*

OR

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Tenable Plugins

View all (6 total)

ID	Name	Product	Family	Severity
700438	Flash Player < 31.0.0.148 Information Disclosure (APSB18-39)	Nessus Network Monitor	Web Clients	high
118964	RHEL 6 : flash-plugin (RHSA-2018:3618)	Nessus	Red Hat Local Security Checks	medium
118942	FreeBSD : Flash Player -- information disclosure (b69292e8-e798-11e8-ae07-6451062f0f7a)	Nessus	FreeBSD Local Security Checks	medium
118917	KB4467694: Security update for Adobe Flash Player (November 2018)	Nessus	Windows : Microsoft Bulletins	medium
118909	Adobe Flash Player <= 31.0.0.122 (APSB18-39)	Nessus	Windows	medium
118908	Adobe Flash Player for Mac <= 31.0.0.122 (APSB18-39)	Nessus	MacOS X Local Security Checks	medium