This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2018-4877, CVE-2018-4878)

OSVersionArchitecturePackageVersionFilename
RedHat6i686flash-plugin< 28.0.0.161-1.el6_9flash-plugin-28.0.0.161-1.el6_9.i686.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	6	i686	flash-plugin	< 28.0.0.161-1.el6_9	flash-plugin-28.0.0.161-1.el6_9.i686.rpm

nessus 7

adobe 2

openvas 8

redhatcve 2

mscve 1

freebsd 1

mageia 1

trendmicroblog 3

threatpost 4

attackerkb 1

ubuntucve 2

checkpoint_advisories 2

zdt 3

prion 2

myhack58 3

zdi 1

fireeye 7

seebug 1

exploitpack 3

symantec 2

talosblog 1

krebs 1

malwarebytes 18

cve 2

gentoo 1

thn 1

packetstorm 1

kaspersky 1

cisa_kev 1

exploitdb 3

securelist 3

qualysblog 3

ics 1

nessus

RHEL 6 : flash-plugin (RHSA-2018:0285) (Underminer)

2018-02-08 00:00:00

KB4074595: Security update for Adobe Flash Player (February 2018)

2018-02-07 00:00:00

Adobe Flash Player <= 28.0.0.137 Use-after-free Remote Code Execution (APSA18-01) (APSB18-03)

2018-02-05 00:00:00

adobe

APSB18-03 Security updates available for Adobe Flash Player

2018-02-06 00:00:00

APSA18-01 Security Advisory for Adobe Flash Player

2018-02-01 00:00:00

openvas

Adobe Flash Player Within Google Chrome Multiple RCE Vulnerabilities (APSA18-01) - Windows

2018-02-02 00:00:00

Mageia: Security Advisory (MGASA-2018-0120)

2022-01-28 00:00:00

Adobe Flash Player Within Google Chrome Multiple RCE Vulnerabilities - Mac OS X

2018-02-02 00:00:00

redhatcve

CVE-2018-4877

2018-02-06 20:19:59

CVE-2018-4878

2018-02-05 11:19:42

mscve

February 2018 Adobe Flash Security Update

2018-02-06 08:00:00

freebsd

Flash Player -- multiple vulnerabilities

2018-01-31 00:00:00

mageia

Updated flash-player-plugin packages fix security vulnerability

2018-02-07 16:50:37

trendmicroblog

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of February 5, 2018

2018-02-09 16:55:38

This Week in Security News: Trends and Tea Parties

2018-03-02 14:35:07

This Week in Security News: Botnets and Breaches

2018-02-09 14:00:56

threatpost

Massive Spam Campaign Targets Unpatched Systems

2018-02-27 17:55:35

Adobe Patches Zero-Day Vulnerability in Flash Player

2018-12-05 15:18:09

Adobe Flash Player Zero-Day Spotted in the Wild

2018-02-01 15:40:55

attackerkb

CVE-2018-4878

2018-02-06 00:00:00

ubuntucve

CVE-2018-4878

2018-02-06 00:00:00

CVE-2018-4877

2018-02-06 00:00:00

checkpoint_advisories

Adobe Flash Player Use After Free (APSB18-03: CVE-2018-4877)

2018-02-06 00:00:00

Adobe Flash Player Use After Free (APSB18-03: CVE-2018-4878)

2018-02-04 00:00:00

zdt

Flash ActiveX 28.0.0.137 - Code Execution Exploit (2)

2018-05-24 00:00:00

Flash ActiveX 28.0.0.137 - Code Execution Exploit (1)

2018-05-24 00:00:00

Adobe Flash 28.0.0.137 Remote Code Execution Exploit

2018-04-04 00:00:00

prion

Design/Logic Flaw

2018-02-06 21:29:00

Design/Logic Flaw

2018-02-06 21:29:00

myhack58

CVE-2018-4878 case: for a Hong Kong Telecommunications Company website is intrusion investigations-vulnerability and early warning-the black bar safety net

2018-04-10 00:00:00

To see the Hidden Bee how to use a new vulnerability propagation-vulnerability warning-the black bar safety net

2018-08-07 00:00:00

The macro perspective of the office vulnerability, 2010-2018-a vulnerability warning-the black bar safety net

2019-06-13 00:00:00

zdi

Adobe Flash Player QOSProvider attachMediaPlayerItemLoader Use-After-Free Remote Code Execution Vulnerability

2018-02-23 00:00:00

fireeye

Attacks Leveraging Adobe Zero-Day (CVE-2018-4878) – Threat Attribution, Attack Scenario and Recommendations

2018-02-03 02:15:00

Attacks Leveraging Adobe Zero-Day (CVE-2018-4878) – Threat Attribution, Attack Scenario and Recommendations

2018-02-02 21:15:00

APT37 (Reaper): The Overlooked North Korean Actor

2018-02-20 08:30:00

seebug

Adobe Flash Player Use After Free Remote Code Execution Vulnerability(CVE-2018-4878)

2018-02-23 00:00:00

exploitpack

Adobe Flash 28.0.0.161 - Use-After-Free

2018-04-06 00:00:00

Flash ActiveX 28.0.0.137 - Code Execution (2)

2016-02-13 00:00:00

Flash ActiveX 28.0.0.137 - Code Execution (1)

2016-02-16 00:00:00

symantec

Adobe Flash Player CVE-2018-4878 Use After Free Remote Code Execution Vulnerability

2018-02-01 00:00:00

Adobe Flash Player CVE-2018-4877 Use After Free Remote Code Execution Vulnerability

2018-02-06 00:00:00

talosblog

Flash 0-Day In The Wild: Group 123 At The Controls

2018-02-02 08:27:00

krebs

Attackers Exploiting Unpatched Flaw in Flash

2018-02-02 14:21:06

malwarebytes

New Flash Player zero-day comes inside Office document

2018-02-05 20:55:16

Week in security (February 26 – March 4)

2018-03-05 17:00:00

Hermes ransomware distributed to South Koreans via recent Flash zero-day

2018-03-14 17:59:32

cve

CVE-2018-4878

2018-02-06 21:29:00

CVE-2018-4877

2018-02-06 21:29:00

gentoo

Adobe Flash Player: Multiple vulnerabilities

2018-03-19 00:00:00

thn

(Unpatched) Adobe Flash Player Zero-Day Exploit Spotted in the Wild

2018-02-01 19:10:00

packetstorm

Adobe Flash 28.0.0.137 Remote Code Execution

2018-04-04 00:00:00

kaspersky

KLA11191 Multiple use-after-free vulnerabilities in Adobe Flash Player

2018-02-01 00:00:00

cisa_kev

Adobe Flash Player Use-After-Free Vulnerability

2021-11-03 00:00:00

exploitdb

Flash ActiveX 28.0.0.137 - Code Execution (1)

2016-02-16 00:00:00

Flash ActiveX 28.0.0.137 - Code Execution (2)

2016-02-13 00:00:00

Adobe Flash < 28.0.0.161 - Use-After-Free

2018-04-06 00:00:00

securelist

APT Trends Report Q2 2018

2018-07-10 10:00:22

APT Trends report Q1 2018

2018-04-12 10:00:17

IT threat evolution Q1 2018. Statistics

2018-05-14 10:00:30

qualysblog

Intel Makes Spectre Patch Progress, while Adobe Grapples with Latest Flash Bug

2018-02-09 15:20:40

Top 19+ Vulnerability CVEs in Santa’s Dashboard Tracking

2019-12-27 18:01:22

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR

2022-02-23 05:39:00

ics

Top 10 Routinely Exploited Vulnerabilities

2020-05-12 12:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.9%

JSON

Related for RHSA-2018:0285