|Number of vulnerabilities||1|
|CVE ID|| CVE-2018-4878
|CWE ID|| CWE-416
|Public exploit||This vulnerability is being exploited in the wild.|
Adobe Flash Player
Client/Desktop applications / Plugins for browsers, ActiveX components
This security advisory describes one critical risk vulnerability.
CWE-416 - Use After Free
Exploit availability: Yes [Search exploit]Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a use-after-free error when processing .swf files. A remote attacker can execute arbitrary code on the target system.
Note: this vulnerability is being actively exploited in the wild against the latest version of Adobe Flash Player.
UPDATE: The vendor has issued the fixed version on February 6, 2018.
Update to version 126.96.36.199.Vulnerable software versions
Adobe Flash Player: 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206CPE
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.