Adobe Flash CVE-2018-4935 – Arbitrary Code Execution

Authors:Google Security Research   Risk:High 

CVE:CVE-2018-4935                 0day:Arbitrary Code Execution

0day -id:0DAY-4935                 Date:2018-04-25


Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. These updates address critical vulnerabilities where a successful exploitation could lead to arbitrary code execution in the context of the current user.


The attached fuzzed swf file causes heap or stack corruption (depending on platform) when rendering a slab.

This PoC crashes a little bit unreliably, it is the most reliable in the standalone Flash player and Microsoft Edge.


Leave a Reply