Red Hat Bugzilla – Bug 1541981
CVE-2018-4877 CVE-2018-4878 flash-plugin: use-after-free causing remote code execution (APSB18-03)
Last modified: 2018-02-07 13:30:33 EST
Adobe Security Advisory APSA18-01 for Adobe Flash Player describes a use-after-free flaw that can possibly lead to code execution when Flash Player is used to play a specially crafted SWF file.
Quoting from the APSA18-01:
Use-after-free Remote Code Execution Critical CVE-2018-4878
Fixed Flash Player version is not yet available. Quoting from the Adobe Security Bulletin:
Adobe will address this vulnerability in a release planned for the week of February 5.
Updated Flash Player version 220.127.116.11 was released today to correct this issue. The update is documented in the Adobe Security Bulletin APSB18-03, which describes one additional use-after-free flaw corrected in the same update:
Use After Free Remote Code Execution Critical CVE-2018-4877
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2018:0285 https://access.redhat.com/errata/RHSA-2018:0285