CVE-2018-4878
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.
References
Published
Community ground truth
Community verdict
3 verdictsto add your verdict.
Practitioners rate this higher than its CVSS — treat with extra caution.
Field notes & remediation
Verdicts are the quick signal — notes are the evidence and fixes behind them.
No notes yet — be the first to share what you saw or a fix that worked.
Related CVEs
Same weakness — CWE-416 · Use After Free.
- CVE-2019-0708CVSS 9.8KEVEPSS 100%
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
- CVE-2014-0322CVSS 8.8KEVEPSS 85%
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving crafted JavaScript code, CMarkup, and the onpropertychange attribute of a script element, as exploited in the wild in January and February 2014.
- CVE-2018-15982CVSS 7.8KEVEPSS 82%
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
- CVE-2019-1429CVSS 7.5KEVEPSS 73%
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428.
- CVE-2021-28550CVSS 8.8KEVEPSS 52%
Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
- CVE-2026-5281CVSS 8.8KEVEPSS 5%
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)