Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have an insecure library loading (dll hijacking) vulnerability. Successful exploitation could lead to privilege escalation.

Adobe reports :

- This update resolves a use-after-free vulnerability that could lead to arbitrary code execution (CVE-2018-15982).

- This update resolves an insecure library loading vulnerability that could lead to privilege escalation (CVE-2018-15983).

The remote Windows host is missing security update KB4471331. It is, therefore, affected by the following vulnerabilities :

  - An unspecified use-after-free error exists that allows     remote code execution. (CVE-2018-15982)

  - An unspecified insecure library loading error exists     that allows privilege escalation. (CVE-2018-15983)

The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 31.0.0.153. It is therefore affected by the following vulnerabilities :

  - An unspecified use-after-free error exists that allows     remote code execution. (CVE-2018-15982)

  - An unspecified insecure library loading error exists     that allows privilege escalation. (CVE-2018-15983)

The version of Adobe Flash Player installed on the remote macOS or Mac OS X host is equal or prior to version 31.0.0.153.
It is therefore affected by the following vulnerabilities :

  - An unspecified use-after-free error exists that allows     remote code execution. (CVE-2018-15982)

  - An unspecified insecure library loading error exists     that allows privilege escalation. (CVE-2018-15983)

Versions of Adobe Flash Player prior to 32.0.0.101 are unpatched, and therefore affected by the following RCE vulnerabilities :

 - An unspecified use-after-free error exists that allows remote code execution. (CVE-2018-15982)
 - An unspecified insecure library loading error exists that allows privilege escalation. (CVE-2018-15983)

ID	Name	Product	Family	Severity
119481	FreeBSD : Flash Player -- multiple vulnerabilities (49cbe200-f92a-11e8-a89d-d43d7ef03aa6)	Nessus	FreeBSD Local Security Checks	critical
119463	KB4471331: Security update for Adobe Flash Player (December 2018)	Nessus	Windows : Microsoft Bulletins	critical
119462	Adobe Flash Player <= 31.0.0.153 (APSB18-42)	Nessus	Windows	critical
119424	Adobe Flash Player for Mac <= 31.0.0.153 (APSB18-42)	Nessus	MacOS X Local Security Checks	critical
700375	Adobe Flash Player < 32.0.0.101 Multiple RCE (APSB18-42)	Nessus Network Monitor	Web Clients	high

Detections

Analytics

CVE-2018-15983

high

Tenable Plugins

critical

critical

critical

critical

high