CVE-2018-15982

7.8

CVSS
High

PUBLISHED

Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to...

Exploited in the wild Used in malware Low complexity

Vendor: Adobe
Product: Flash Player
Published: Jan 18, 2019
EPSS: —

Description

Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

cisa malware ransomware

CVSS scores

CVSS v3.1 7.8 High

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2.0 10.0

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitation status

Exploited in the wild

Recorded 2022-02-15 00:00:00 UTC · Source

Used in malware

Recorded 2022-02-15 00:00:00 UTC · Source

SSVC decision points

Exploitation: active
Automatable: No
Technical impact: total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA	Feb 15, 2022

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

create12138/CVE-2018-15982

github · Created 2019-11-06 09:08:04 UTC · 0 stars

SyFi/CVE-2018-15982

github · Created 2018-12-20 02:40:22 UTC · 5 stars

Flash 2018-15982 UAF

scanfsec/CVE-2018-15982

github · Created 2018-12-12 04:07:08 UTC · 28 stars

Aggressor Script to launch IE driveby for CVE-2018-15982.

jas502n/CVE-2018-15982_EXP_IE

github · Created 2018-12-12 02:41:31 UTC · 11 stars

CVE-2018-15982_EXP_IE

Ridter/CVE-2018-15982_EXP

github · Created 2018-12-10 04:53:31 UTC · 181 stars

exp of CVE-2018-15982

Ormicron/CVE-2018-15982_PoC

github · Created 2018-12-06 09:24:47 UTC · 14 stars

CVE-2018-15982_PoC

FlatL1neAPT/CVE-2018-15982

github · Created 2018-12-05 23:41:37 UTC · 0 stars

Flash sources for CVE-2018-15982 used by NK

Vulnerability detail