https://helpx.adobe.com/security/products/flash-player/apsa18-01.html
"These attacks leverage Office documents with embedded malicious Flash content distributed via email. Adobe will address this vulnerability in a release planned for the week of February 5."
Security updates available for Adobe Flash Player (APSB18-03) http://blogs.adobe.com/psirt/?p=1522
CVE-2018-4878 (https://nvd.nist.gov/vuln/detail/CVE-2018-4878): A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to the handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018. CVE-2018-4877 (https://nvd.nist.gov/vuln/detail/CVE-2018-4877): A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to quality of service functionality. A successful attack can lead to arbitrary code execution. CVE-2018-4871 (https://nvd.nist.gov/vuln/detail/CVE-2018-4871): An Out-of-bounds Read issue was discovered in Adobe Flash Player before 28.0.0.137. This vulnerability occurs because of computation that reads data that is past the end of the target buffer. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
(In reply to Viktor Levin from comment #0) > https://helpx.adobe.com/security/products/flash-player/apsa18-01.html Thank you Viktor for the report. I'm adding a couple of CVEs included in this version.
New GLSA request filed.
This issue was resolved and addressed in GLSA 201803-08 at https://security.gentoo.org/glsa/201803-08 by GLSA coordinator Christopher Diaz Riveros (chrisadr).
