9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.974 High
EPSS
Percentile
99.9%
Name | adobe_flash_metadata_uaf |
---|---|
CVE | CVE-2018-15982 Exploit Pack |
VENDOR: Adobe | |
NOTES: In the package com.adobe.tvsdk.mediacore.metadata the setObject method | |
does not set a reference to the key String Object so if we force the GC | |
this memory will be released but it will still be in our vector (Use-After-Free). |
This exploit only support x86 targets, this has been tested on Windows 7 with
Flash Player 31.0.0.153.
VersionsAffected: Affects all Flash versions from 19.0 up to and including 31.0.0.153
Repeatability: Infinite
References:
CVE Url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15982
Date public: 07/12/2018
CVSS: N/A
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.974 High
EPSS
Percentile
99.9%