製品・ソフトウェアに関する情報

JVN脆弱性詳細

Adobe Flash Player における境界外読み取りの脆弱性

Title	Adobe Flash Player における境界外読み取りの脆弱性
Summary	Adobe Flash Player には、境界外読み取りの脆弱性が存在します。
Possible impacts	情報を公開される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Aug. 14, 2018, midnight
Registration Date	Nov. 21, 2018, 11:53 a.m.
Last Update	Nov. 21, 2018, 11:53 a.m.

Affected System

レッドハット

Red Hat Enterprise Linux Desktop

Red Hat Enterprise Linux Server

Red Hat Enterprise Linux Workstation

アドビシステムズ

Adobe Flash Player 30.0.0.154 未満 (Windows 10/8.1 版の Microsoft Edge/Internet Explorer 11)

Adobe Flash Player 30.0.0.154 未満 (Windows/Macintosh/Linux/Chrome OS 版の Chrome)

Adobe Flash Player デスクトップランタイム 30.0.0.154 未満 (Linux)

Adobe Flash Player デスクトップランタイム 30.0.0.154 未満 (Windows/Macintosh)

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2018-12827	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12827
National Vulnerability Database (NVD)
2	CVE-2018-12827	https://nvd.nist.gov/vuln/detail/CVE-2018-12827

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-125	https://cwe.mitre.org/data/definitions/125.html

ベンダー情報

No	Name	URL
Adobe Security Bulletin
1	APSB18-25	https://helpx.adobe.com/security/products/flash-player/apsb18-25.html
Adobe セキュリティ情報
2	APSB18-25	https://helpx.adobe.com/jp/security/products/flash-player/apsb18-25.html
Red Hat Security Advisory
3	RHSA-2018:2435	https://access.redhat.com/errata/RHSA-2018:2435

その他

No	Name	URL
IPA 重要なセキュリティ情報
1	Adobe Flash Player の脆弱性対策について(APSB18-25)(CVE-2018-12827等)	https://www.ipa.go.jp/security/ciadr/vul/20180815-adobeflashplayer.html
JPCERT 注意喚起
2	JPCERT-AT-2018-0033	http://www.jpcert.or.jp/at/2018/at180033.html

Change Log

No	Changed Details	Date of change
1	[2018年11月21日] 掲載	Nov. 21, 2018, 11:53 a.m.

NVD Vulnerability Information

CVE-2018-12827

Summary	Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Publication Date	Aug. 29, 2018, 10:29 p.m.
Registration Date	March 1, 2021, 6:51 p.m.
Last Update	Nov. 21, 2024, 12:45 p.m.

Affected software configurations

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:adobe:flash_player::::::chrome::*			30.0.0.154
execution environment
1	cpe:2.3:o:apple:mac_os_x:-:::::::*
2	cpe:2.3:o:google:chrome_os:-:::::::*
3	cpe:2.3:o:linux:linux_kernel:-:::::::*
4	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration3		or higher	or less	more than	less than
cpe:2.3:a:adobe:flash_player::::::edge::*			30.0.0.154
cpe:2.3:a:adobe:flash_player::::::internet_explorer_11::*			30.0.0.154
execution environment
1	cpe:2.3:o:microsoft:windows_10:-:::::::*
2	cpe:2.3:o:microsoft:windows_8.1:-:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

Related information, measures and tools

No	URL	タグ
1	http://www.securityfocus.com/bid/105066	Third Party Advisory VDB Entry
2	http://www.securityfocus.com/bid/105066	Third Party Advisory VDB Entry
3	http://www.securitytracker.com/id/1041448	Third Party Advisory VDB Entry
4	http://www.securitytracker.com/id/1041448	Third Party Advisory VDB Entry
5	https://access.redhat.com/errata/RHSA-2018:2435	Third Party Advisory
6	https://access.redhat.com/errata/RHSA-2018:2435	Third Party Advisory
7	https://helpx.adobe.com/security/products/flash-player/apsb18-25.html	Patch Vendor Advisory
8	https://helpx.adobe.com/security/products/flash-player/apsb18-25.html	Patch Vendor Advisory
9	https://www.exploit-db.com/exploits/45268/	Exploit Third Party Advisory VDB Entry
10	https://www.exploit-db.com/exploits/45268/	Exploit Third Party Advisory VDB Entry

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-125	境界外読み取り	https://cwe.mitre.org/data/definitions/125.html