Vulnerable component: Adobe Flash Player
CVSSv3 score: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C
CWE-ID: CWE-121 - Stack-based Buffer Overflow
The vulnerability allows a remote attacker to compromise target system.
The vulnerability exists due to a stack-based buffer overflow when processing .swf files. A remote attacker can create a specially crafted .swf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability may allow the attacker to compromise vulnerable system.
Note: this vulnerability is being actively exploited in the wild.
Latest references in media:
- Exploit kits: Spring 2018 review [2018-06-19 05:41:20]
- Adobe Flash Player 0-Day (CVE-2018-5002) [2018-06-15 04:21:03]
- Patch Tuesday, June 2018 [2018-06-15 04:20:57]
- Analysis of the evolution of exploit kits in the threat landscape [2018-06-14 09:10:09]
- Exploit Kits Target Recent Flash, Internet Explorer Zero-Days [2018-06-13 18:00:09]
- Overview: Microsoft June 2018 Patch Tuesday [2018-06-13 14:41:32]
- Overview: Microsoft June 2018 Patch Tuesday [2018-06-13 14:40:13]
- Patch Tuesday Brings Fixes for Adobe, Spectre [2018-06-13 13:30:07]
- Emergency update: Zero-day attack takes over Adobe Flash [2018-06-13 06:11:19]
- Microsoft security updates for June 2018 - Patch for 50 Vulnerabilities [2018-06-13 06:10:58]
- Adobe Flash Player 0-Day (CVE-2018-5002) [2018-06-13 03:31:02]
- Patch Tuesday, June 2018 [2018-06-13 03:30:56]
- Microsoft June 2018 Patch Tuesday Fixes 50 Security Issues [2018-06-12 20:00:22]
- Weekly Threat Intelligence Brief: June 12, 2018 [2018-06-12 16:11:15]
- Patch management is not just IT’s responsibility, get your whole team on board [2018-06-11 08:03:35]
- Week in review: Zip Slip, GDPR and the US, why creativity is key to security [2018-06-10 20:09:32]
- Security Affairs newsletter Round 166 тАУ News of the week [2018-06-10 07:01:32]
- Adobe Patched Zero-Day Vulnerability [2018-06-09 22:11:12]
- Flash zero-day shows up in Qatar amid geopolitical struggles [2018-06-09 01:12:54]
- Emergency Update: Zero-Day Exploit in Adobe Flash [2018-06-08 18:54:01]
- Windows users attacked via critical Flash zero-day: Patch now, urges Adobe | ZDNet [2018-06-08 14:14:31]
- Adobe releases fix for actively exploited Flash Player zero-day [2018-06-08 12:56:28]
- Zero-Day Flash Exploit Targeting Middle East [2018-06-08 12:27:43]
- Stop us if you've heard this one: Adobe Flash gets emergency patch for zero-day exploit [2018-06-08 12:02:01]
- Adobe patches critical zero-day vuln in Flash Player, again | TheINQUIRER [2018-06-08 11:50:26]
- Adobe Flash Zero-day - Exploited in Wild by Attackers [2018-06-08 08:55:02]
- Adobe Issues Emergency Patch for Flash Zero-Day [2018-06-07 21:16:57]
- Flash zero-day exploit. Act now! [2018-06-07 20:32:06]
- Adobe Patches Zero-Day Flash Flaw [2018-06-07 19:11:58]
- Adobe fixed the CVE-2018-5002 Flash Zero-Day exploited in targeted attacks in the Middle East [2018-06-07 16:18:26]
- Adobe Patches Flash Zero-Day [2018-06-07 15:25:25]
- Adobe Patches Flash Zero-Day Exploited in Targeted Attacks [2018-06-07 14:36:24]
Vulnerability scanning SaaS service is online 3-rd generation vulnerability scanner with scheduled assessments and vulnerability subscription. You can use service to check security of your network perimeter.