Lucene search

K
mageiaGentoo FoundationMGASA-2018-0120
HistoryFeb 07, 2018 - 4:50 p.m.

Updated flash-player-plugin packages fix security vulnerability

2018-02-0716:50:37
Gentoo Foundation
advisories.mageia.org
50

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.973

Percentile

99.9%

Adobe Flash Player 28.0.0.161 addresses critical use-after-free vulnerabilities that could lead to remote code execution (CVE-2018-4877, CVE-2018-4878). Successful exploitation could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the wild, and is being used in limited, targeted attacks against Windows users. These attacks leverage Office documents with embedded malicious Flash content distributed via email.

OSVersionArchitecturePackageVersionFilename
Mageia6noarchflash-player-plugin<Β 28.0.0.161-1flash-player-plugin-28.0.0.161-1.mga6.nonfree

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.973

Percentile

99.9%