Vulnerabilities > CVE-2019-7837 - Use After Free vulnerability in multiple products

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
adobe
redhat
CWE-416
nessus

Summary

Adobe Flash Player versions 32.0.0.171 and earlier, 32.0.0.171 and earlier, and 32.0.0.171 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

Vulnerable Configurations

Part Description Count
Application
Adobe
158
OS
Apple
1
OS
Linux
1
OS
Microsoft
3
OS
Google
1
OS
Redhat
3

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FLASH_PLAYER_APSB19-26.NASL
    descriptionThe version of Adobe Flash Player installed on the remote macOS or Mac OS X host is equal or prior to version 32.0.0.171. It is therefore affected by an arbitrary code execution vulnerability.
    last seen2020-06-01
    modified2020-06-02
    plugin id125055
    published2019-05-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125055
    titleAdobe Flash Player for Mac <= 32.0.0.171 (APSB19-26)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125055);
      script_version("1.4");
      script_cvs_date("Date: 2019/10/30 13:24:46");
    
      script_cve_id("CVE-2019-7837");
    
      script_name(english:"Adobe Flash Player for Mac <= 32.0.0.171 (APSB19-26)");
      script_summary(english:"Checks the version of the ActiveX control.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote macOS or Mac OSX host has a browser plugin installed that is
    affected by an arbitrary code execution vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The version of Adobe Flash Player installed on the remote macOS or Mac
    OS X host is equal or prior to version 32.0.0.171.
    It is therefore affected by an arbitrary code execution vulnerability.");
      script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb19-26.html");
      # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0cb17c10");
      script_set_attribute(attribute:"solution", value:"Upgrade to Adobe Flash Player version 32.0.0.192 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-7837");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14");
    
      script_set_attribute(attribute:"plugin_type",value:"local");
      script_set_attribute(attribute:"cpe",value:"cpe:/a:adobe:flash_player");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_flash_player_installed.nasl");
      script_require_keys("MacOSX/Flash_Player/Version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    
    version = get_kb_item_or_exit("MacOSX/Flash_Player/Version");
    path = get_kb_item_or_exit("MacOSX/Flash_Player/Path");
    
    cutoff_version = "32.0.0.171";
    fix = "32.0.0.192";
    # We're checking for versions less than or equal to the cutoff!
    if (ver_compare(ver:version, fix:cutoff_version, strict:FALSE) <= 0)
    {
      if (report_verbosity > 0)
      {
        report =
          '\n  Path              : ' + path +
          '\n  Installed version : ' + version +
          '\n  Fixed version     : ' + fix +
          '\n';
        security_hole(port:0, extra:report);
      }
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_INST_PATH_NOT_VULN, "Flash Player for Mac", version, path);
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_A99923A9768C11E9885A6451062F0F7A.NASL
    descriptionAdobe reports : - This update resolves a use-after-free vulnerability that could lead to arbitrary code execution (CVE-2019-7837).
    last seen2020-06-01
    modified2020-06-02
    plugin id125099
    published2019-05-15
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125099
    titleFreeBSD : Flash Player -- arbitrary code execution (a99923a9-768c-11e9-885a-6451062f0f7a)
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS19_MAY_FLASH.NASL
    descriptionThe remote Windows host is missing security update KB4497932. It is, therefore, affected by an arbitrary code execution vulnerability in Adobe Flash Player.
    last seen2020-06-01
    modified2020-06-02
    plugin id125068
    published2019-05-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125068
    titleKB4497932: Security update for Adobe Flash Player (May 2019)
  • NASL familyWindows
    NASL idFLASH_PLAYER_APSB19-26.NASL
    descriptionThe version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 32.0.0.171. It is therefore affected by an arbitrary code execution vulnerability.
    last seen2020-06-01
    modified2020-06-02
    plugin id125056
    published2019-05-14
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125056
    titleAdobe Flash Player <= 32.0.0.171 (APSB19-26)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1234.NASL
    descriptionAn update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 32.0.0.192. Security Fix(es) : * flash-plugin: Arbitrary Code Execution vulnerability (APSB19-26) (CVE-2019-7837) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id125200
    published2019-05-16
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125200
    titleRHEL 6 : flash-plugin (RHSA-2019:1234)

Redhat

advisories
rhsa
idRHSA-2019:1234
rpmsflash-plugin-0:32.0.0.192-1.el6_10

The Hacker News

idTHN:C6E2D4237719C5648E0D7F78D0674F1D
last seen2019-05-14
modified2019-05-14
published2019-05-14
reporterThe Hacker News
sourcehttps://thehackernews.com/2019/05/adobe-software-updates.html
titleAdobe Releases Critical Patches for Flash, Acrobat Reader, and Media Encoder