CVE-2018-4944

HIGH

Description

Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

References

http://www.securityfocus.com/bid/104101

http://www.securitytracker.com/id/1040840

https://access.redhat.com/errata/RHSA-2018:1367

https://helpx.adobe.com/security/products/flash-player/apsb18-16.html

https://security.gentoo.org/glsa/201806-02

Details

Source: MITRE

Published: 2018-05-19

Updated: 2019-03-07

Type: CWE-704

Risk Information

CVSS v2.0

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 3.9

Severity: CRITICAL