CVE-2018-15983

MEDIUM

Description

Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.

References

http://www.securityfocus.com/bid/106108

https://helpx.adobe.com/security/products/flash-player/apsb18-42.html

Details

Source: MITRE

Published: 2019-01-18

Updated: 2019-01-28

Type: CWE-426

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Vulnerable Software

Configuration 1

AND

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2

AND

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*

cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*

cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 3

AND

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_11:*:*

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

Tenable Plugins

View all (5 total)

ID	Name	Product	Family	Severity
119481	FreeBSD : Flash Player -- multiple vulnerabilities (49cbe200-f92a-11e8-a89d-d43d7ef03aa6)	Nessus	FreeBSD Local Security Checks	critical
119463	KB4471331: Security update for Adobe Flash Player (December 2018)	Nessus	Windows : Microsoft Bulletins	critical
119462	Adobe Flash Player <= 31.0.0.153 (APSB18-42)	Nessus	Windows	critical
119424	Adobe Flash Player for Mac <= 31.0.0.153 (APSB18-42)	Nessus	MacOS X Local Security Checks	critical
700375	Adobe Flash Player < 32.0.0.101 Multiple RCE (APSB18-42)	Nessus Network Monitor	Web Clients	high