Flash Player versions 31.0.0.122 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Versions of Adobe Flash Player prior to 31.0.0.148 are unpatched, and therefore affected by an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2018:3618 advisory.

    The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

    This update upgrades Flash Player to version 31.0.0.148.

    Security Fix(es):

    * flash-plugin: Information Disclosure vulnerability (APSB18-39) (CVE-2018-15978)

    For more details about the security issue(s), including the impact, a CVSS score, and other related     information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Adobe reports :

- This update resolves a out-of-bounds vulnerability that could lead to information disclosure (CVE-2018-15978).

The remote Windows host is missing security update KB4467694. It is, therefore, affected by an information disclosure vulnerability in Adobe Flash Player.

The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 31.0.0.122. It is therefore affected by an information disclosure vulnerability.

The version of Adobe Flash Player installed on the remote macOS or Mac OS X host is equal or prior to version 31.0.0.122.
It is therefore affected by an information disclosure vulnerability.

ID	Name	Product	Family	Severity
700438	Flash Player < 31.0.0.148 Information Disclosure (APSB18-39)	Nessus Network Monitor	Web Clients	high
118964	RHEL 6 : flash-plugin (RHSA-2018:3618)	Nessus	Red Hat Local Security Checks	high
118942	FreeBSD : Flash Player -- information disclosure (b69292e8-e798-11e8-ae07-6451062f0f7a)	Nessus	FreeBSD Local Security Checks	high
118917	KB4467694: Security update for Adobe Flash Player (November 2018)	Nessus	Windows : Microsoft Bulletins	high
118909	Adobe Flash Player <= 31.0.0.122 (APSB18-39)	Nessus	Windows	high
118908	Adobe Flash Player for Mac <= 31.0.0.122 (APSB18-39)	Nessus	MacOS X Local Security Checks	high

Detections

Analytics

CVE-2018-15978

high

Tenable Plugins

high

high

high

high

high

high