Vulnerabilities > CVE-2018-4944 - Incorrect Type Conversion or Cast vulnerability in multiple products

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
adobe
redhat
CWE-704
critical
nessus

Summary

Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Vulnerable Configurations

Part Description Count
Application
Adobe
518
OS
Linux
1
OS
Apple
1
OS
Microsoft
3
OS
Redhat
3
OS
Google
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FLASH_PLAYER_APSB18-16.NASL
    descriptionThe version of Adobe Flash Player installed on the remote macOS or Mac OS X host is equal or prior to version 29.0.0.140. It is therefore affected by multiple vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id109602
    published2018-05-08
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109602
    titleAdobe Flash Player for Mac <= 29.0.0.140 (APSB18-16)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(109602);
      script_version("1.6");
      script_cvs_date("Date: 2019/11/08");
    
      script_cve_id("CVE-2018-4944");
      script_bugtraq_id(104101);
    
      script_name(english:"Adobe Flash Player for Mac <= 29.0.0.140 (APSB18-16)");
      script_summary(english:"Checks the version of the ActiveX control.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote macOS or Mac OSX host has a browser plugin installed that is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of Adobe Flash Player installed on the remote macOS or Mac
    OS X host is equal or prior to version 29.0.0.140.
    It is therefore affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb18-16.html");
      # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0cb17c10");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Adobe Flash Player version 29.0.0.171 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-4944");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/08");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/05/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/08");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:flash_player");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_flash_player_installed.nasl");
      script_require_keys("MacOSX/Flash_Player/Version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    version = get_kb_item_or_exit("MacOSX/Flash_Player/Version");
    path = get_kb_item_or_exit("MacOSX/Flash_Player/Path");
    
    cutoff_version = "29.0.0.140";
    fix = "29.0.0.171";
    # We're checking for versions less than or equal to the cutoff!
    if (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)
    {
      report =
        '\n  Path              : ' + path +
        '\n  Installed version : ' + version +
        '\n  Fixed version     : ' + fix +
        '\n';
      security_report_v4(severity:SECURITY_HOLE, port:0, extra:report);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, "Flash Player for Mac", version, path);
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2018-1367.NASL
    descriptionAn update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 29.0.0.171. Security Fix(es) : * flash-plugin: Arbitrary Code Execution vulnerability (APSB18-16) (CVE-2018-4944) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id109670
    published2018-05-10
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109670
    titleRHEL 6 : flash-plugin (RHSA-2018:1367)
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS18_MAY_4103729.NASL
    descriptionThe remote Windows host is missing security update KB4103729. It is, therefore, affected by multiple remote code execution vulnerabilities in Adobe Flash Player.
    last seen2020-06-01
    modified2020-06-02
    plugin id109609
    published2018-05-08
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109609
    titleKB4103729: Security update for Adobe Flash Player (May 2018)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201806-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201806-02 (Adobe Flash Player: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process or obtain sensitive information. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id110523
    published2018-06-14
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/110523
    titleGLSA-201806-02 : Adobe Flash Player: Multiple vulnerabilities
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_9558D49C534C11E88177D43D7EF03AA6.NASL
    descriptionAdobe reports : - This update resolves a type confusion vulnerability that could lead to arbitrary code execution (CVE-2018-4944).
    last seen2020-06-01
    modified2020-06-02
    plugin id109626
    published2018-05-09
    reporterThis script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109626
    titleFreeBSD : Flash Player -- arbitrary code execution (9558d49c-534c-11e8-8177-d43d7ef03aa6)
  • NASL familyWindows
    NASL idFLASH_PLAYER_APSB18-16.NASL
    descriptionThe version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 29.0.0.140. It is therefore affected by multiple vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id109601
    published2018-05-08
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/109601
    titleAdobe Flash Player <= 29.0.0.140 (APSB18-16)

Redhat

advisories
rhsa
idRHSA-2018:1367
rpmsflash-plugin-0:29.0.0.171-1.el6_9