Lucene search

[email protected]CVE-2020-9633

HistoryJun 12, 2020 - 2:15 p.m.

CVE-2020-9633

2020-06-1214:15:11

CWE-416

[email protected]

web.nvd.nist.gov

118

cve-2020-9633

adobe flash player

use after free

arbitrary code execution

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.1%

JSON

Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash Player for Google Chrome 32.0.0.371 and earlier, and Adobe Flash Player for Microsoft Edge and Internet Explorer 32.0.0.330 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

Affected configurations

Vulners

NVD

Node

adobeflash_playerRange≤32.0.0.371

adobeflash_playerRange≤32.0.0.330

VendorProductVersionCPE
adobeflash_player*cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
adobeflash_player*cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
adobe	flash_player	*	cpe:2.3:a:adobe:flash_player::::::::
adobe	flash_player	*	cpe:2.3:a:adobe:flash_player::::::::

CNA Affected

[
  {
    "product": "Adobe Flash Player",
    "vendor": "Adobe",
    "versions": [
      {
        "status": "affected",
        "version": "32.0.0.371 and earlier, 32.0.0.371 and earlier, and 32.0.0.330  and earlier versions"
      }
    ]
  }
]