A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Tue, 04 Feb 2025 22:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2021-11-03'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 14 Aug 2024 00:30:00 +0000

Type Values Removed Values Added
References

cve-icon MITRE

Status: PUBLISHED

Assigner: adobe

Published:

Updated: 2025-07-30T01:46:19.620Z

Reserved: 2018-01-03T00:00:00.000Z

Link: CVE-2018-4878

cve-icon Vulnrichment

Updated: 2024-08-05T05:18:26.723Z

cve-icon NVD

Status : Analyzed

Published: 2018-02-06T21:29:00.347

Modified: 2025-02-13T17:38:59.347

Link: CVE-2018-4878

cve-icon Redhat

Severity : Critical

Publid Date: 2018-02-01T00:00:00Z

Links: CVE-2018-4878 - Bugzilla

cve-icon OpenCVE Enrichment

No data.