SB2018120603 - Microsoft update for Flash Player 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018120603

SB2018120603 - Microsoft update for Flash Player

Published: December 6, 2018

Security Bulletin ID SB2018120603
Severity
Critical
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Critical 50% High 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Use-after-free (CVE-ID: CVE-2018-15982)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing SWF files. A remote attacker can create a specially crafted .swf file, trick the victim to open it and execute arbitrary code on system with privileges of the current user.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note: this vulnerability is being exploited in the wild.


2) Insecure DLL loading (CVE-ID: CVE-2018-15983)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to the application loads DLL libraries in an insecure manner. A remote attacker can place a specially crafted .dll file on a remote SMB fileshare, trick the victim into opening a file, associated with the vulnerable application, and execute arbitrary code on victim's system.


Remediation

Install update from vendor's website.

References