Information disclosure in Adobe Flash Player

Published: 2018-09-11 20:03:23
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2018-15967
CVSSv3 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CWE ID CWE-200
Exploitation vector Network
Public exploit Not available
Vulnerable software Adobe Flash Player
Vulnerable software versions Adobe Flash Player 30.0.0.154
Adobe Flash Player 30.0.0.134
Adobe Flash Player 30.0.0.113
Vendor URL Adobe

Security Advisory

1) Information disclosure

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to unspecified error when processing .swf files. A remote attacker can create a specially crafted .swf file, trick the victim to open it and gain access to potentially sensitive information.

Remediation

Update to version 31.0.0.108.

External links

https://helpx.adobe.com/security/products/flash-player/apsb18-31.html

Back to List