CVE-2018-15982
CVE-2018-15982 is a high-severity vulnerability in Adobe Flash Player with a CVSS 3.x base score of 7.8. It is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, confirming it has been exploited in the wild (added 2022-02-15). The underlying weakness is classified as CWE-416.
Key facts
- Severity: High (CVSS 3.x base score 7.8)
- CVSS v2: 10.0
- EPSS exploit prediction: 82% (100th percentile)
- Actively exploited: Yes — listed in CISA KEV (added 2022-02-15)
- EU (EUVD) id: EUVD-2018-7838
- EU exploitation: Flagged exploited in the ENISA EU Vulnerability Database (since 2022-02-15)
- Weakness: CWE-416
- Affected product: Adobe Flash Player
- Published:
- Last modified:
Description
Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2018-15982: Adobe Flash Player Use-After-Free Vulnerability
AI-generated analysis based on the vulnerability data on this page.
| Attribute | Value |
|---|---|
| CVE ID | CVE-2018-15982 |
| CWE | CWE-416 (Use After Free) |
| CVSS v2 | 10.0 Critical — AV:N/AC:L/Au:N/C:C/I:C/A:C |
| CVSS v3 | 7.8 High — CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| EPSS | 81.97% (99.61st percentile) |
| KEV | Yes — added 2022-02-15 |
| EU Exploited | Yes — since 2022-02-15 |
Summary
Adobe Flash Player versions 31.0.0.153 and earlier, and versions 31.0.0.108 and earlier, contain a use-after-free vulnerability. Successful exploitation can result in arbitrary code execution. This flaw has been confirmed as actively exploited in the wild and is listed in the CISA Known Exploited Vulnerabilities catalog.
Background
Adobe Flash Player was a widely deployed browser plugin and standalone runtime for multimedia and Rich Internet Applications. Despite declining usage and Adobe's end-of-life announcement, Flash Player remained present on many enterprise and consumer systems in late 2018. This vulnerability belongs to the class of memory-safety issues that historically plagued Flash Player throughout its lifecycle.
Root Cause
This vulnerability is classified as CWE-416: Use After Free. The issue arises when Flash Player continues to use a pointer after the referenced memory has been freed. An attacker can trigger this condition by manipulating ActionScript objects in a manner that causes the runtime to free an object while a reference to it remains active. When the dangling pointer is later dereferenced, the program may execute attacker-controlled code or crash unpredictably.
Impact
The CVSS v2 base score of 10.0 reflects maximum severity: the vulnerability is network-exploitable (AV:N), requires no authentication (Au:N), and grants complete compromise of confidentiality, integrity, and availability (C:C/I:C/A:C). The CVSS v3 base score of 7.8 adjusts the attack vector to local (AV:L) with required user interaction (UI:R), reflecting a more realistic scenario in which a victim must open a malicious document or visit a compromised website. Successful exploitation yields high-impact arbitrary code execution with the privileges of the current user.
Exploitation Walkthrough (Defensive Perspective)
This vulnerability has been observed in targeted attacks delivered via malicious Office documents and compromised websites. A representative attack chain proceeds as follows:
- The victim receives a lure document or visits a malicious page embedding a specially crafted Flash object.
- The Flash Player plugin parses the malicious content, triggering the use-after-free condition.
- Attacker-controlled code executes within the Flash process context, potentially establishing persistence or delivering additional payloads.
Important: This description is provided for defensive awareness only. No exploit code or step-by-step weaponization instructions are included. Organizations should treat this vulnerability as readily exploitable by moderately skilled adversaries given its presence in the CISA KEV catalog and its high EPSS score.
Affected and Patched Versions
- Affected: Adobe Flash Player versions 31.0.0.153 and earlier; Adobe Flash Player versions 31.0.0.108 and earlier (other distribution branches)
- Affected Platforms: Windows, macOS, Linux, Chrome OS (via Google Chrome, Microsoft Edge, and Internet Explorer 11 integrations); Red Hat Enterprise Linux 6 Desktop, Server, and Workstation
- Patched Version: The exact patched version is not specified in the available source data. Refer to Adobe Security Bulletin APSB18-42 for the definitive patched version and download links.
Remediation
- Apply patches immediately: Install the updated Adobe Flash Player version as specified in Adobe Security Bulletin APSB18-42.
- Uninstall Flash Player: Adobe Flash Player reached end-of-life in December 2020. Organizations should strongly consider complete removal of Flash Player from all systems rather than continued patching.
- Disable browser plugins: Remove or disable Flash Player plugins in all web browsers.
- Application control: Use application whitelisting to prevent execution of Flash content.
- Network segmentation: Isolate any systems that must run Flash to restricted network segments with minimal access.
Detection
- Monitor endpoint execution of Flash Player processes (e.g.,
flashplayer.exe,FlashPlayerPlugin_*.exe,FlashPlayer-10.6) on systems where Flash is not expected. - Inspect network traffic for SWF file downloads from untrusted or unexpected domains.
- Leverage EDR tools to detect anomalous child processes spawned by browsers or Office applications.
- Review proxy and DNS logs for connections to known exploit-kit infrastructure.
Assessment
This vulnerability carries an EPSS score of 81.97%, placing it in the 99.61st percentile of all CVEs — indicating an extremely high probability of exploitation in the wild. Its inclusion in the CISA Known Exploited Vulnerabilities catalog (added 2022-02-15) confirms sustained, real-world exploitation. The EU vulnerability database likewise records this as exploited since February 2022.
Key lessons:
- Memory-unsafe codebases carry compounding risk: Flash Player's long history of critical memory-corruption vulnerabilities illustrates why Adobe ultimately ended support.
- EPSS and KEV together sharpen prioritization: A CVSS v3 score of 7.8 (High) might not trigger emergency patching in all organizations, but the combination of a near-maximum EPSS and confirmed KEV status makes this an unambiguous "patch or remove now" candidate.
References
- https://helpx.adobe.com/security/products/flash-player/apsb18-42.html
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-15982
- https://access.redhat.com/errata/RHSA-2018:3795
- https://www.exploit-db.com/exploits/46051/
- https://github.com/cisagov/vulnrichment/issues/195
- http://www.securityfocus.com/bid/106116
Frequently asked questions
- What is CVE-2018-15982?
- Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
- How severe is CVE-2018-15982?
- CVE-2018-15982 has a CVSS 3.x base score of 7.8, rated high severity. It is exploitable over local access with low attack complexity, requires no privileges and user interaction. Impact on confidentiality is high, integrity high, and availability high.
- Is CVE-2018-15982 being actively exploited?
- Yes. CVE-2018-15982 is on CISA's Known Exploited Vulnerabilities (KEV) catalog, added on 2022-02-15, which means active exploitation has been confirmed. It should be prioritised for remediation.
- What products are affected by CVE-2018-15982?
- CVE-2018-15982 primarily affects Adobe Flash Player. In total, 8 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2018-15982?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Because this CVE is known to be actively exploited, treat remediation as urgent — CISA KEV typically sets a short remediation deadline.
- Does CVE-2018-15982 have an EU (EUVD) identifier?
- Yes. CVE-2018-15982 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2018-7838. It is also flagged as exploited in the EUVD (since 2022-02-15).
- When was CVE-2018-15982 published?
- CVE-2018-15982 was published on 2019-01-18 and last updated on 2026-06-17.
References
- http://www.securityfocus.com/bid/106116
- https://access.redhat.com/errata/RHSA-2018:3795
- https://helpx.adobe.com/security/products/flash-player/apsb18-42.html
- https://www.exploit-db.com/exploits/46051/
- https://github.com/cisagov/vulnrichment/issues/195
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-15982
Affected products (8)
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_11:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player_installer:*:*:*:*:*:*:*:*
More vulnerabilities in Adobe Flash Player
- CVE-2015-8459 — Critical (CVSS 10.0): Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on…
- CVE-2015-8457 — Critical (CVSS 10.0): Stack-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and…
- CVE-2015-8455 — Critical (CVSS 10.0): Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on…
- CVE-2015-8454 — Critical (CVSS 10.0): Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and…
- CVE-2015-8452 — Critical (CVSS 10.0): Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and…
- CVE-2015-8451 — Critical (CVSS 10.0): Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on…
All CVEs affecting Adobe Flash Player →
Other CWE-416 (Use After Free) vulnerabilities
- CVE-2026-13782 — Critical (CVSS 10.0): Use after free in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the…
- CVE-2026-4725 — Critical (CVSS 10.0): Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 149…
- CVE-2026-4688 — Critical (CVSS 10.0): Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox…
- CVE-2025-24085 — Critical (CVSS 10.0): A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3,…
- CVE-2024-43102 — Critical (CVSS 10.0): Concurrent removals of certain anonymous shared memory mappings by using the UMTX_SHM_DESTROY sub-request of…
- CVE-2021-32495 — Critical (CVSS 10.0): Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. Attacker can read freed memory…