Multiple Vulnerability in Adobe Flash Player: Arbitrary code execution/Information Disclosure
On June 7, Adobe officially released a security notice that fixed several bugs in Adobe Flash Player, including information disclosure and arbitrary code execution.
The vulnerability is summarized as follows:
| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
| Type Confusion | Arbitrary Code Execution | Critical | CVE-2018-4945 |
| Integer Overflow | Information Disclosure | Important | CVE-2018-5000 |
| Out-of-bounds read | Information Disclosure | Important | CVE-2018-5001 |
| Stack-based buffer overflow | Arbitrary Code Execution | Critical | CVE-2018-5002 |
Detailed information can be found here.
Affected version
- Adobe Flash Player <= 29.0.0.171
Unaffected version
- Adobe Flash Player 30.0.0.113
Solution
Adobe official has released a new version to fix the above vulnerabilities. Users should upgrade in time for protection.
