CVE-2018-5002

ENISA EUVD: EUVD-2018-16788 ↗
Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero
Triaged: March 5, 2026 1 article Published: 2018-07-09
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23
47.14%
probability
This CVE has a 47.14% probability of being exploited in the next 30 days.
0% Top 97.7th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
7.8
HIGH
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2 (legacy)

10.0
HIGH
Access Vector
Network
Access Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
AV:N/AC:L/Au:N/C:C/I:C/A:C

Description

VulnerabilityLookup (CNA)
Adobe Flash Player versions 29.0.0.171 and earlier have a Stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.

Affected Products

n/a
Adobe Flash Player 29.0.0.171 and earlier versions
Adobe Flash Player 29.0.0.171 and earlier versions

Attack Intelligence

Google Project Zero

Patched
June 7, 2018
Reported by
Chenming Xu and Jason Jones of ICEBRG, Bai Haowen, Zeng Haitao and Huang Chaowen of 360 Threat Intelligence Center of 360 Enterprise Security Group, and Yang Kang, Hu Jiang, Zhang Qing, and Jin Quan of Qihoo 360 Core Security (@360CoreSec), Tencent PC Manager (http://guanjia.qq.com/)
Root Cause Analysis
???

Signal Intelligence

Confidence
95%
EPSS 47.14%
CVSS v3.1 7.8
Mentions 1
Last Seen Jun 07, 2018

CNA Information

CNA Assigner
adobe

Analyst Note

Auto-imported from Google Project Zero — confirmed zero-day by definition.

Triage Info

Decided atMar 05, 2026
Published DateJul 09, 2018