Vulnerability Name:
CVE-2019-7845 (CCN-162240)
Assigned:
2019-06-11
Published:
2019-06-11
Updated:
2022-04-18
Summary:
Adobe Flash Player versions 32.0.0.192 and earlier, 32.0.0.192 and earlier, and 32.0.0.192 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVSS v3 Severity:
8.8 High
(CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
)
7.7 High
(Temporal CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
High
Integrity (I):
High
Availibility (A):
High
8.8 High
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
)
7.7 High
(CCN Temporal CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
High
Integrity (I):
High
Availibility (A):
High
CVSS v2 Severity:
6.8 Medium
(CVSS v2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Medium
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availibility (A):
Partial
9.0 High
(CCN CVSS v2 Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Athentication (Au):
Single_Instance
Impact Metrics:
Confidentiality (C):
Complete
Integrity (I):
Complete
Availibility (A):
Complete
Vulnerability Type:
CWE-416
Vulnerability Consequences:
Gain Access
References:
Source: MITRE
Type: CNA
CVE-2019-7845
Source: REDHAT
Type: Third Party Advisory
RHSA-2019:1476
Source: XF
Type: UNKNOWN
adobe-flash-cve20197845-code-exec(162240)
Source: CCN
Type: Adobe Security Bulletin APSB19-30
Security updates available for Adobe Flash Player
Source: CONFIRM
Type: Vendor Advisory
https://helpx.adobe.com/security/products/flash-player/apsb19-30.html
Source: GENTOO
Type: Third Party Advisory
GLSA-201908-21
Source: CCN
Type: ZDI-19-564
Adobe Flash Player LocalConnection Use-After-Free Remote Code Execution Vulnerability
Source: CCN
Type: ZDI-19-564
Adobe Flash Player LocalConnection Use-After-Free Remote Code Execution Vulnerability
Vulnerable Configuration:
Configuration 1
:
cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:*
(Version <= 32.0.0.192)
AND
cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*
OR
cpe:/o:apple:macos:-:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*
Configuration 2
:
cpe:/a:adobe:flash_player:*:*:*:*:*:chrome:*:*
(Version <= 32.0.0.192)
AND
cpe:/o:apple:macos:-:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*
OR
cpe:/o:google:chrome_os:-:*:*:*:*:*:*:*
OR
cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*
Configuration 3
:
cpe:/a:adobe:flash_player:*:*:*:*:*:edge:*:*
(Version <= 32.0.0.192)
AND
cpe:/o:microsoft:windows_10:-:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
Configuration 4
:
cpe:/a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*
(Version <= 32.0.0.192)
AND
cpe:/o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_10:-:*:*:*:*:*:*:*
Configuration 5
:
cpe:/o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
OR
cpe:/o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
OR
cpe:/o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/a:adobe:flash_player:32.0.0.192:*:*:*:*:chrome:*:*
OR
cpe:/a:adobe:flash_player:32.0.0.192:*:*:*:*:*:*:*
OR
cpe:/a:adobe:flash_player:32.0.0.192:*:*:*:*:*:*:*
OR
cpe:/a:adobe:flash_player:32.0.0.192:*:*:*:*:*:*:*
OR
cpe:/a:adobe:flash_player:32.0.0.192:*:*:*:*:*:*:*
AND
cpe:/o:microsoft:windows_8:-:-:-:*:-:-:x32:*
OR
cpe:/o:microsoft:windows_8:*:*:*:*:*:*:x64:*
OR
cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:*
OR
cpe:/o:microsoft:windows_8.1:*:*:*:*:*:*:x64:*
OR
cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
OR
cpe:/o:microsoft:windows_rt_8.1:*:*:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
adobe
flash player *
linux
linux kernel -
apple
macos -
microsoft
windows -
adobe
flash player *
apple
macos -
microsoft
windows -
google
chrome os -
linux
linux kernel -
adobe
flash player *
microsoft
windows 10 -
microsoft
windows 8.1 -
adobe
flash player *
microsoft
windows 8.1 -
microsoft
windows 10 -
redhat
enterprise linux desktop 6.0
redhat
enterprise linux server 6.0
redhat
enterprise linux workstation 6.0
adobe
flash player 32.0.0.192
adobe
flash player 32.0.0.192
adobe
flash player 32.0.0.192
adobe
flash player 32.0.0.192
adobe
flash player 32.0.0.192
microsoft
windows 8 - -
microsoft
windows 8 *
microsoft
windows server 2012
microsoft
windows rt -
microsoft
windows 8.1 - -
microsoft
windows 8.1 *
microsoft
windows server 2012 r2
microsoft
windows rt 8.1 *