CVE-2018-5002
Published: 09 July 2018
Summary
CVE-2018-5002 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Adobe Flash Player. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 2.2% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).
Deeper analysis
Adobe Flash Player versions 29.0.0.171 and earlier contain a stack-based buffer overflow vulnerability, tracked as CVE-2018-5002 and assigned CWE-787 and CWE-121. The flaw resides in the Flash Player component and carries a CVSS 3.1 base score of 7.8, reflecting high impact on confidentiality, integrity, and availability when triggered.
An attacker with the ability to supply a malicious Flash file can exploit the issue when the file is opened locally by a user. Successful exploitation grants arbitrary code execution in the context of the current user without requiring elevated privileges, although user interaction is necessary to initiate the attack.
Adobe addressed the vulnerability in security bulletin APSB18-19, and corresponding updates are available through vendor channels such as Red Hat RHSA-2018:1827 and Gentoo GLSA-201806-02. Practitioners should apply the latest Flash Player patches and remove or disable the plugin where it is no longer required.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2018-16788
Vulnerability details
Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
- CWE(s)
- KEV Date Added: 23 May 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5) AI
- Directly requires timely installation of vendor patches (APSB18-19) that eliminate the stack buffer overflow in Flash Player.
- Enforces removal or disabling of the Flash Player plugin when it is no longer required, eliminating the vulnerable attack surface.
- Restricts execution of untrusted mobile code (Flash SWF files) that an attacker supplies to trigger the buffer overflow.