Multiple Vulnerability in Adobe Flash Player: Arbitrary code execution/Information Disclosure
On June 7, Adobe officially released a security notice that fixed several bugs in Adobe Flash Player, including information disclosure and arbitrary code execution.
The vulnerability is summarized as follows:
|Vulnerability Category||Vulnerability Impact||Severity||CVE Number|
|Type Confusion||Arbitrary Code Execution||Critical||CVE-2018-4945|
|Integer Overflow||Information Disclosure||Important||CVE-2018-5000|
|Out-of-bounds read||Information Disclosure||Important||CVE-2018-5001|
|Stack-based buffer overflow||Arbitrary Code Execution||Critical||CVE-2018-5002|
Detailed information can be found here.
- Adobe Flash Player <= 220.127.116.11
- Adobe Flash Player 18.104.22.168
Adobe official has released a new version to fix the above vulnerabilities. Users should upgrade in time for protection.