CVE-2019-7096

Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://helpx.adobe.com/security/products/flash-player/apsb19-19.html	Vendor Advisory
https://security.gentoo.org/glsa/201908-21	Third Party Advisory
https://helpx.adobe.com/security/products/flash-player/apsb19-19.html	Vendor Advisory
https://security.gentoo.org/glsa/201908-21	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:mac_os_x:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*

OR	cpe:2.3:o:apple:mac_os_x:-:::::::*
	cpe:2.3:o:google:chrome_os:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 3 (hide)

AND

OR	cpe:2.3:a:adobe:flash_player::::::edge::*
	cpe:2.3:a:adobe:flash_player::::::internet_explorer_11::*

OR	cpe:2.3:o:microsoft:windows_10:-:::::::*
	cpe:2.3:o:microsoft:windows_8.1:-:::::::*

History

21 Nov 2024, 04:47

Type	Values Removed	Values Added
References	~~() https://helpx.adobe.com/security/products/flash-player/apsb19-19.html - Vendor Advisory~~	() https://helpx.adobe.com/security/products/flash-player/apsb19-19.html - Vendor Advisory
References	~~() https://security.gentoo.org/glsa/201908-21 - Third Party Advisory~~	() https://security.gentoo.org/glsa/201908-21 - Third Party Advisory

Information

Published : 2019-05-23 17:29

Updated : 2024-11-21 04:47

NVD link : CVE-2019-7096

Mitre link : CVE-2019-7096

CVE.ORG link : CVE-2019-7096

JSON object : View

Products Affected

adobe

flash_player_desktop_runtime
flash_player

google

chrome_os

microsoft

windows
windows_10
windows_8.1

apple

mac_os_x

linux

linux_kernel

CWE

CWE-416

Use After Free

{"id": "CVE-2019-7096", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-05-23T17:29:00.283", "references": [{"url": "https://helpx.adobe.com/security/products/flash-player/apsb19-19.html", "tags": ["Vendor Advisory"], "source": "psirt@adobe.com"}, {"url": "https://security.gentoo.org/glsa/201908-21", "tags": ["Third Party Advisory"], "source": "psirt@adobe.com"}, {"url": "https://helpx.adobe.com/security/products/flash-player/apsb19-19.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/201908-21", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "Adobe Flash Player versions 32.0.0.156 and earlier, 32.0.0.156 and earlier, and 32.0.0.156 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution."}, {"lang": "es", "value": "Las versiones de Adobe Flash Player 32.0.0.156 y anteriores, 32.0.0.156 y anteriores, y 32.0.0.156 y anteriores, tienen una vulnerabilidad de uso de memoria previamente liberada (use-after-free). Su explotaci\u00f3n con \u00e9xito conllevar\u00eda a la ejecuci\u00f3n de c\u00f3digo arbitrario."}], "lastModified": "2024-11-21T04:47:33.310", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF0495B7-A006-49D1-B86F-36EEB469ED09", "versionEndIncluding": "32.0.0.156"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*", "vulnerable": true, "matchCriteriaId": "7D203B13-BBC0-4FF6-BE7D-D910D4CB80D7", "versionEndIncluding": "32.0.0.156"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD"}, {"criteria": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79"}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*", "vulnerable": true, "matchCriteriaId": "E04D5ACF-703C-43B4-AFE2-04DFCF91B11C", "versionEndIncluding": "32.0.0.156"}, {"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_11:*:*", "vulnerable": true, "matchCriteriaId": "BDBAFC30-28E6-40F2-AAFE-07C640A47D5A", "versionEndIncluding": "32.0.0.156"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "21540673-614A-4D40-8BD7-3F07723803B0"}, {"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@adobe.com"}

9.8 /10