Advisories ยป MGASA-2018-0120

Updated flash-player-plugin packages fix security vulnerability

Publication date: 07 Feb 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-4877 , CVE-2018-4878


Adobe Flash Player addresses critical use-after-free
vulnerabilities that could lead to remote code execution (CVE-2018-4877,
CVE-2018-4878). Successful exploitation could potentially allow an
attacker to take control of the affected system.

Adobe is aware of a report that an exploit for CVE-2018-4878 exists in the
wild, and is being used in limited, targeted attacks against Windows users.
These attacks leverage Office documents with embedded malicious Flash
content distributed via email.