CVE-2018-15982

CVE Database · CVE-2018-15982

CVE-2018-15982

· HIGHAnalyzed

CVSS v3.1

7.8

EPSS

81.84%

Published

Jan 18, 2019

Modified

Nov 17, 2025

CISA Known Exploited Vulnerability

Added: 2022-02-15 · Due: 2022-08-15

The impacted product is end-of-life and should be disconnected if still in use.

Public PoC / Exploit (10)

All weaponized →

Exploit-DBAdobe Flash ActiveX Plugin 28.0.0.137 - Remote Code Execution (PoC)TrickestTrickest PoC index GitHub PoCRidter/CVE-2018-15982_EXP★179 GitHub PoCscanfsec/CVE-2018-15982★29 GitHub PoCOrmicron/CVE-2018-15982_PoC★13 GitHub PoCjas502n/CVE-2018-15982_EXP_IE★12 GitHub PoCkphongagsorn/adobe-flash-cve2018-15982★11 GitHub PoCSyFi/CVE-2018-15982★5 GitHub PoCFlatL1neAPT/CVE-2018-15982★0 GitHub PoCcreate12138/CVE-2018-15982★0

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-416CWE-416

Affected Products (18)

adobe · flash_playervulnerable

apple · mac_os_x

linux · linux_kernel

microsoft · windows

adobe · flash_playervulnerable

apple · mac_os_x

google · chrome_os

linux · linux_kernel

microsoft · windows

adobe · flash_playervulnerable

microsoft · windows_10

· windows_8.1

References (10)

http://www.securityfocus.com/bid/106116

Broken LinkThird Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2018:3795

Third Party Advisory

https://helpx.adobe.com/security/products/flash-player/apsb18-42.html

PatchVendor Advisory

https://www.exploit-db.com/exploits/46051/

ExploitThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/106116

Broken LinkThird Party AdvisoryVDB Entry

KEV Catalog EPSS Scores Vendors All CVEs