CVE-2019-7090

EPSS 1.23%
Published 24.05.2019 19:29:02
Last modified 21.11.2024 04:47:32
Source psirt@adobe.com
Teams watchlist Login
Open Login

Flash Player Desktop Runtime versions 32.0.0.114 and earlier, Flash Player for Google Chrome versions 32.0.0.114 and earlier, and Flash Player for Microsoft Edge and Internet Explorer 11 versions 32.0.0.114 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Adobe ≫ Flash Player Desktop Runtime Version <= 32.0.0.114

   Apple ≫ macOS Version-
   Google ≫ Chrome Os Version-
   Linux ≫ Linux Kernel Version-
   Microsoft ≫ Windows Version-

Adobe ≫ Flash Player SwPlatformchrome Version <= 32.0.0.114

   Apple ≫ macOS Version-
   Linux ≫ Linux Kernel Version-
   Microsoft ≫ Windows Version-

Adobe ≫ Flash Player SwPlatformedge Version <= 32.0.0.114

Microsoft ≫ Windows 10
Microsoft ≫ Windows 8.1

Adobe ≫ Flash Player SwPlatforminternet_explorer_11 Version <= 32.0.0.114

Microsoft ≫ Windows 10
Microsoft ≫ Windows 8.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.23%	0.773

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://helpx.adobe.com/security/products/flash-player/apsb19-06.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-7090

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-7090

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-7090

EUVD