Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Use-After-Free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Versions of Adobe Flash Player prior to 29.0.0.140 are unpatched, and therefore affected by multiple vulnerabilities :

 - A Use-After-Free vulnerability exists that could lead to arbitrary code execution. (CVE-2018-4932)
 - Multiple out-of-bounds read vulnerabilities exist that could lead to information disclosure. (CVE-2018-4933, CVE-2018-4934, CVE-2018-4935, CVE-2018-4937)
 - A heap overflow vulnerability exists that could lead to information disclosure. (CVE-2018-4936) 

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2018:1119 advisory.

  - flash-plugin: Remote Code Execution vulnerabilities (APSB18-08) (CVE-2018-4932, CVE-2018-4935,     CVE-2018-4937)

  - flash-plugin: Information Disclosure vulnerabilities (APSB18-08) (CVE-2018-4933, CVE-2018-4934,     CVE-2018-4936)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-201804-11 (Adobe Flash Player: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Adobe Flash Player.
      Please review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could possibly execute arbitrary code with the       privileges of the process, disclose sensitive information or bypass       security restrictions.
  Workaround :

    There is no known workaround at this time.

Adobe reports :

- This update resolves a use-after-free vulnerability that could lead to remote code execution (CVE-2018-4932).

- This update resolves out-of-bounds read vulnerabilities that could lead to information disclosure (CVE-2018-4933, CVE-2018-4934).

- This update resolves out-of-bounds write vulnerabilities that could lead to remote code execution (CVE-2018-4935, CVE-2018-4937).

- This update resolves a heap overflow vulnerability that could lead to information disclosure (CVE-2018-4936).

The remote Windows host is missing security update KB4093110. It is, therefore, affected by multiple remote code execution vulnerabilities in Adobe Flash Player.

The version of Adobe Flash Player installed on the remote macOS or Mac OS X host is equal or prior to version 29.0.0.113.
It is therefore affected by multiple vulnerabilities.

The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 29.0.0.113. It is therefore affected by multiple vulnerabilities.

ID	Name	Product	Family	Severity
700432	Flash Player < 29.0.0.140 Multiple Vulnerabilities (APSB18-08)	Nessus Network Monitor	Web Clients	critical
109009	RHEL 6 : flash-plugin (RHSA-2018:1119)	Nessus	Red Hat Local Security Checks	high
109007	GLSA-201804-11 : Adobe Flash Player: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	high
108979	FreeBSD : Flash Player -- multiple vulnerabilities (5c6f7482-3ced-11e8-b157-6451062f0f7a)	Nessus	FreeBSD Local Security Checks	high
108962	KB4093110: Security update for Adobe Flash Player (April 2018)	Nessus	Windows : Microsoft Bulletins	high
108959	Adobe Flash Player for Mac <= 29.0.0.113 (APSB18-08)	Nessus	MacOS X Local Security Checks	high
108958	Adobe Flash Player <= 29.0.0.113 (APSB18-08)	Nessus	Windows	high

Detections

Analytics

CVE-2018-4932

high

Tenable Plugins

critical

high

high

high

high

high

high