CVE-2019-7090

EPSS 1.23%
Veröffentlicht 24.05.2019 19:29:02
Zuletzt bearbeitet 21.11.2024 04:47:32
Quelle psirt@adobe.com
Teams Watchlist Login
Unerledigt Login

Flash Player Desktop Runtime versions 32.0.0.114 and earlier, Flash Player for Google Chrome versions 32.0.0.114 and earlier, and Flash Player for Microsoft Edge and Internet Explorer 11 versions 32.0.0.114 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Adobe ≫ Flash Player Desktop Runtime Version <= 32.0.0.114

   Apple ≫ macOS Version-
   Google ≫ Chrome Os Version-
   Linux ≫ Linux Kernel Version-
   Microsoft ≫ Windows Version-

Adobe ≫ Flash Player SwPlatformchrome Version <= 32.0.0.114

   Apple ≫ macOS Version-
   Linux ≫ Linux Kernel Version-
   Microsoft ≫ Windows Version-

Adobe ≫ Flash Player SwPlatformedge Version <= 32.0.0.114

Microsoft ≫ Windows 10
Microsoft ≫ Windows 8.1

Adobe ≫ Flash Player SwPlatforminternet_explorer_11 Version <= 32.0.0.114

Microsoft ≫ Windows 10
Microsoft ≫ Windows 8.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.23%	0.773

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://helpx.adobe.com/security/products/flash-player/apsb19-06.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-7090

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-7090

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-7090

EUVD