IRONSMITHINTEL
HIGHCVSS7.8
|
Actively Exploited
|CISA KEV|CVE-2018-15982|Auth: none — unauthenticated|Reboot: required|Manual only

Adobe Flash Player Use-After-Free Vulnerability

Adobe Flash Player com.adobe.tvsdk.mediacore.metadata Use After Free Vulnerability

Published Jan 18, 2019 · Updated May 16, 2026
Why patchRisk explained in plain English
Worst-case scenarioIf unpatched

A local attacker, without authentication, can achieve full data confidentiality loss, arbitrary modification of data, complete denial of service or system unavailability. CISA has confirmed use of this vulnerability in known ransomware campaigns — treat as high priority for remediation. Federal agencies are required to remediate by 2022-08-15 under CISA BOD 22-01.

How the attack worksNo clicks needed

This is a Use After Free (CWE-416) vulnerability in Adobe Flash Player. Flash Player versions 31.0.0.153 and earlier, and 31.0.0.108 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. Exploitation requires local access, low attack complexity, no authentication required, and user interaction required.

Am I affected?Quick check

Probably yes if any of these apply:

Endpoint Administrators
IT Security
Running flash player: v ≤ 31.0.0.153; enterprise linux desktop: 6.0; enterprise linux server: 6.0; enterprise linux workstation: 6.0; flash player installer: v ≤ 31.0.0.108
Real-world incidentsWhat we've seen

Used in known ransomware campaigns. Threat-research write-up: https://www.exploit-db.com/exploits/46051/

How to patch

Manual remediation steps

Apply the Vendor Patch

This vulnerability is in the CISA Known Exploited Vulnerabilities catalog — apply the vendor's security update as soon as possible.

CISA required action: The impacted product is end-of-life and should be disconnected if still in use.

References

    1
    Vendor advisory: https://helpx.adobe.com/security/products/flash-player/apsb18-42.html
    1
    NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2018-15982
    1
    CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-15982
PowerShell automationComing soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.

References

CVE-2018-15982NVDVendor Advisory