TTCSIRT-127.060818: TT-CSIRT Advisory – Adobe Security Updates
Adobe has released a security update stating that Adobe Flash Player is prone to the following vulnerabilities:
a) A stack-based buffer overflow that could allow for arbitrary code execution – (CVE-2018-5002).
b) A type confusion that could allow for arbitrary code execution – (CVE-2018-4945).
c) An integer overflow that could lead to information disclosure – (CVE-2018-5000).
d) An out-of-bounds read that could lead to information disclosure – (CVE-2018-5001).
Successful exploitation of the most severe of these vulnerabilities could result in the attacker gaining control of the affected system and depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
|Further information on these vulnerabilities and how they can be mitigated can be found on the Adobe Website at https://helpx.adobe.com/security/products/flash-player/apsb18-19.html