VDB

CVE-2018-4878

CVE-2018-4878 PUBLISHED KEV

A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.

EPSS 93.51% · 99.8th percentile

Risk Scores

EPSS Score
93.51%
99.8th percentile

Affected Products

VendorProductVersions
Ubuntu:16.04:LTSflashplugin-nonfree0, 11.2.202.540ubuntu2, 11.2.202.548ubuntu1
Ubuntu:14.04:LTSflashplugin-nonfree11.2.202.626ubuntu0.14.04.1, 11.2.202.632ubuntu0.14.04.1, 11.2.202.635ubuntu0.14.04.1

Exploit Intelligence

…and 191 more exploits

Timeline

  • Jan 19, 1970 VulnCheck XDB Entry
  • Jul 5, 2015 VulnCheck KEV Exploitation
  • Jul 21, 2015 VulnCheck KEV Exploitation
  • Aug 10, 2015 VulnCheck KEV Exploitation
  • Feb 3, 2016 VulnCheck KEV Exploitation
  • Jan 9, 2017 VulnCheck KEV Exploitation
  • Feb 2, 2018 CVE Published
  • Feb 2, 2018 PoC Published
  • Feb 4, 2018 VulnCheck KEV Exploitation
  • Feb 6, 2018 PoC Published
  • Feb 24, 2018 PoC Published
  • Apr 4, 2018 PoC Published

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›