CVE-2018-4871

MEDIUM

Description

An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.

References

http://www.securityfocus.com/bid/102465

http://www.securitytracker.com/id/1040155

https://access.redhat.com/errata/RHSA-2018:0081

https://helpx.adobe.com/security/products/flash-player/apsb18-01.html

Details

Source: MITRE

Published: 2018-01-09

Updated: 2018-01-30

Type: CWE-125

Risk Information

CVSS v2.0

Base Score: 5

Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH