Published: 12/09/2019 Updated: 25/11/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Adobe Flash Player and previous versions versions, and previous versions versions have a Use after free vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.

Vulnerability Trend

Affected Products

Vendor Product Versions
AdobeFlash Player32.0.0.207,
AdobeFlash Player Desktop Runtime32.0.0.238

Vendor Advisories

Synopsis Critical: flash-plugin security update Type/Severity Security Advisory: Critical Topic An update for flash-plugin is now available for Red Hat Enterprise Linux 6 SupplementaryRed Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring Syst ...
Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS These updates address critical vulnerabilities in Adobe Flash Player Successful exploitation could lead to arbitrary code execution in the context of the current user ...

Recent Articles

It's 2019, and Windows PCs can be pwned via a shortcut file, a webpage, an evil RDP server...
The Register • Shaun Nichols in San Francisco • 10 Sep 2019

Microsoft joins Adobe and SAP in cleaning up security bugs, two of which are under active attack

Patch Tuesday Microsoft, Adobe, and SAP today delivered a load of security updates for this month's Patch Tuesday.
It will be a busy day for admins and users of Windows PCs and servers, as Microsoft has released updates for a total of 80 CVE-listed bugs.
Among the more serious issues addressed this month are CVE-2019-1215 and CVE-2019-1214, a pair of elevation-of-privilege vulnerabilities that have been under active attack in the wild.
In both cases, experts say, miscreants are...

Adobe Fixes Critical Flash Player Code Execution Flaws
Threatpost • Lindsey O'Donnell • 10 Sep 2019

Adobe has issued patches for critical vulnerabilities in Flash Player which, if exploited, could lead to arbitrary code execution.
Overall, as part of its September Security Bulletin, Adobe patched three vulnerabilities, including two critical-severity flaws in Flash Player and one “important” glitch in Adobe Application Manager. At this point, Adobe said that it is not aware of any exploits in the wild for any of the patched vulnerabilities.
Adobe’s Flash Player flaws are th...