Vulnerabilities > CVE-2018-5000 - Integer Overflow or Wraparound vulnerability in multiple products

Adobe Flash Player versions 29.0.0.171 and earlier have an Integer Overflow vulnerability. Successful exploitation could lead to information disclosure.

Vulnerable Configurations

Part	Description	Count
Application	Adobe Adobe Flash Player Desktop Runtime 18.0 Adobe Flash Player Desktop Runtime 18.0.0.203 Adobe Flash Player Desktop Runtime 21.0.0.226 Adobe Flash Player Desktop Runtime 23.0.0.162 Adobe Flash Player Desktop Runtime 26.0.0.131 Adobe Flash Player Desktop Runtime 26.0.0.137 Adobe Flash Player Desktop Runtime 26.0.0.151 Adobe Flash Player Desktop Runtime 27.0.0.130 Adobe Flash Player Desktop Runtime 27.0.0.159 Adobe Flash Player Desktop Runtime 27.0.0.170 Adobe Flash Player Desktop Runtime 27.0.0.183 Adobe Flash Player Desktop Runtime 27.0.0.187 Adobe Flash Player Desktop Runtime 28.0.0.126 Adobe Flash Player Desktop Runtime 28.0.0.137 Adobe Flash Player Desktop Runtime 28.0.0.161 Adobe Flash Player Desktop Runtime 29.0.0.113 Adobe Flash Player Desktop Runtime 29.0.0.140 Adobe Flash Player Desktop Runtime 29.0.0.171 Adobe Flash Player 18.0 Adobe Flash Player 18.0.0.203 Adobe Flash Player 18.0.0.204 Adobe Flash Player 19.0.0.245 Adobe Flash Player 20.0.0.228 Adobe Flash Player 20.0.0.306 Adobe Flash Player 21.0.0.97 Adobe Flash Player 21.0.0.216 Adobe Flash Player 21.0.0.242 Adobe Flash Player 22.0.0.192 Adobe Flash Player 22.0.0.211 Adobe Flash Player 23.0 Adobe Flash Player 23.0.0.162 Adobe Flash Player 23.0.0.185 Adobe Flash Player 23.0.0.205 Adobe Flash Player 23.0.0.207 Adobe Flash Player 23.0.0.257 Adobe Flash Player 24.0.0.186 Adobe Flash Player 24.0.0.194 Adobe Flash Player 24.0.0.221 Adobe Flash Player 25.0.0.127 Adobe Flash Player 25.0.0.148 Adobe Flash Player 25.0.0.163 Adobe Flash Player 25.0.0.171 Adobe Flash Player 26.0.0.126 Adobe Flash Player 26.0.0.131 Adobe Flash Player 26.0.0.137 Adobe Flash Player 26.0.0.151 Adobe Flash Player 27.0.0.130 Adobe Flash Player 27.0.0.159 Adobe Flash Player 27.0.0.170 Adobe Flash Player 27.0.0.183 Adobe Flash Player 27.0.0.187 Adobe Flash Player 28.0.0.126 Adobe Flash Player 28.0.0.137 Adobe Flash Player 28.0.0.161 Adobe Flash Player 29.0.0.113 Adobe Flash Player 29.0.0.140 Adobe Flash Player 29.0.0.171 Adobe Flash Player 21.0.0.241 Adobe Flash Player 26.0.0.120	108
OS	Apple Apple MAC OS X -	1
OS	Linux Linux Linux Kernel -	1
OS	Microsoft Microsoft Windows - Microsoft Windows 10 - Microsoft Windows 8.1 -	3
OS	Google Google Chrome OS -	1
OS	Redhat Redhat Enterprise Linux Desktop 6.0 Redhat Enterprise Linux Server 6.0 Redhat Enterprise Linux Workstation 6.0	3

Common Weakness Enumeration (CWE)

CWE-190 - Integer Overflow or Wraparound

Common Attack Pattern Enumeration and Classification (CAPEC)

Forced Integer Overflow
This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.

Nessus

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_FLASH_PLAYER_APSB18-19.NASL
description	The version of Adobe Flash Player installed on the remote macOS or Mac OS X host is equal or prior to version 29.0.0.171. It is therefore affected by multiple vulnerabilities.
last seen	2020-06-01
modified	2020-06-02
plugin id	110396
published	2018-06-07
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110396
title	Adobe Flash Player for Mac <= 29.0.0.171 (APSB18-19)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_2DDE5A566AB111E8B6396451062F0F7A.NASL
description	Adobe reports : - This update resolves a type confusion vulnerability that could lead to arbitrary code execution (CVE-2018-4945). - This update resolves an integer overflow vulnerability that could lead to information disclosure (CVE-2018-5000). - This update resolves an out-of-bounds read vulnerability that could lead to information disclosure (CVE-2018-5001). - This update resolves a stack-based buffer overflow vulnerability that could lead to arbitrary code execution (CVE-2018-5002).
last seen	2020-06-01
modified	2020-06-02
plugin id	110403
published	2018-06-08
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110403
title	FreeBSD : Flash Player -- multiple vulnerabilities (2dde5a56-6ab1-11e8-b639-6451062f0f7a)

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2018-1827.NASL
description	An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 30.0.0.113. Security Fix(es) : * flash-plugin: Arbitrary Code Execution vulnerability (APSB18-19) (CVE-2018-4945) * flash-plugin: Arbitrary Code Execution vulnerability (APSB18-19) (CVE-2018-5002) * flash-plugin: Information Disclosure vulnerabilities (APSB18-19) (CVE-2018-5000, CVE-2018-5001) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
last seen	2020-06-01
modified	2020-06-02
plugin id	110469
published	2018-06-12
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110469
title	RHEL 6 : flash-plugin (RHSA-2018:1827)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201806-02.NASL
description	The remote host is affected by the vulnerability described in GLSA-201806-02 (Adobe Flash Player: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process or obtain sensitive information. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	110523
published	2018-06-14
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110523
title	GLSA-201806-02 : Adobe Flash Player: Multiple vulnerabilities

NASL family	Windows
NASL id	FLASH_PLAYER_APSB18-19.NASL
description	The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 29.0.0.171. It is therefore affected by multiple vulnerabilities.
last seen	2020-06-01
modified	2020-06-02
plugin id	110397
published	2018-06-07
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110397
title	Adobe Flash Player <= 29.0.0.171 (APSB18-19)

NASL family	Windows : Microsoft Bulletins
NASL id	SMB_NT_MS18_JUN_4287903.NASL
description	The remote Windows host is missing security update KB4287903. It is, therefore, affected by multiple remote code execution vulnerabilities in Adobe Flash Player.
last seen	2020-06-01
modified	2020-06-02
plugin id	110414
published	2018-06-08
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110414
title	KB4287903: Security update for Adobe Flash Player (June 2018)

Redhat

advisories

rhsa

id	RHSA-2018:1827

rpms

flash-plugin-0:30.0.0.113-1.el6_9

The Hacker News

id	THN:A63890B8ADE3B23F098107F5CC398A2F
last seen	2018-06-07
modified	2018-06-07
published	2018-06-07
reporter	Mohit Kumar
source	https://thehackernews.com/2018/06/flash-player-zero-day-exploit.html
title	Adobe Issues Patch for Actively Exploited Flash Player Zero-Day Exploit

Summary