CVE-2019-7090

Published May 24, 2019

Last updated 3 years ago

Overview

Description: Flash Player Desktop Runtime versions 32.0.0.114 and earlier, Flash Player for Google Chrome versions 32.0.0.114 and earlier, and Flash Player for Microsoft Edge and Internet Explorer 11 versions 32.0.0.114 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
Source: psirt@adobe.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.0

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-125

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5767326A-B865-469F-A42F-CC921C1E1C3B",
            "versionEndIncluding": "32.0.0.114"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
          },
          {
            "criteria": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D32ACF6F-5FF7-4815-8EAD-4719F5FC9B79"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA4B75F3-7BF8-44D4-87F9-274C4A65DB77",
            "versionEndIncluding": "32.0.0.114"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62310714-0959-4175-8D6D-B260543E9B93",
            "versionEndIncluding": "32.0.0.114"
          },
          {
            "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_11:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07502A5D-5764-4859-9B6B-E3E9D36BDF6A",
            "versionEndIncluding": "32.0.0.114"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "FBC814B4-7DEC-4EFC-ABFF-08FFD9FD16AA"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A7F51B5F-AA19-4D31-89FA-6DFAC4BA8F0F"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Configurations

References