CVE-2018-4920

HIGH

Description

Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

References

http://www.securityfocus.com/bid/103383

http://www.securitytracker.com/id/1040509

https://access.redhat.com/errata/RHSA-2018:0520

https://helpx.adobe.com/security/products/flash-player/apsb18-05.html

Details

Source: MITRE

Published: 2018-05-19

Updated: 2018-06-27

Type: CWE-704

Risk Information

CVSS v2.0

Base Score: 10

Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL