Vulnerabilities > CVE-2019-8070 - Use After Free vulnerability in Adobe Flash Player and Flash Player Desktop Runtime
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Use after free vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-2756.NASL description An update for flash-plugin is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update upgrades Flash Player to version 32.0.0.255. Security Fix(es) : * flash-plugin: Arbitrary Code Execution vulnerabilities (APSB19-46) (CVE-2019-8069, CVE-2019-8070) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 128860 published 2019-09-16 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128860 title RHEL 6 : flash-plugin (RHSA-2019:2756) NASL family Windows NASL id FLASH_PLAYER_APSB19-46.NASL description The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 32.0.0.238. It is therefore affected by multiple arbitrary code execution vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 128633 published 2019-09-10 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128633 title Adobe Flash Player <= 32.0.0.238 (APSB19-46) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201911-05.NASL description The remote host is affected by the vulnerability described in GLSA-201911-05 (Adobe Flash Player: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 131265 published 2019-11-25 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131265 title GLSA-201911-05 : Adobe Flash Player: Multiple vulnerabilities NASL family MacOS X Local Security Checks NASL id MACOSX_FLASH_PLAYER_APSB19-46.NASL description The version of Adobe Flash Player installed on the remote macOS or Mac OS X host is equal or prior to version 32.0.0.238. It is therefore affected by multiple arbitrary code execution vulnerabilities. last seen 2020-06-01 modified 2020-06-02 plugin id 128632 published 2019-09-10 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128632 title Adobe Flash Player for Mac <= 32.0.0.238 (APSB19-46) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_C6F19FE6D42A11E9B4F96451062F0F7A.NASL description Adobe reports : - This update resolves a same origin method execution vulnerability that could lead to arbitrary code execution (CVE-2019-8069). - This update resolves a use-after-free vulnerability that could lead to arbitrary code execution (CVE-2019-8070). last seen 2020-06-01 modified 2020-06-02 plugin id 128654 published 2019-09-11 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128654 title FreeBSD : Flash Player -- multiple vulnerabilities (c6f19fe6-d42a-11e9-b4f9-6451062f0f7a) NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS19_SEP_FLASH.NASL description The remote Windows host is missing security update KB4516115. It is, therefore, affected by multiple arbitrary code execution vulnerabilities in Adobe Flash Player. last seen 2020-06-01 modified 2020-06-02 plugin id 128646 published 2019-09-10 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128646 title KB4516115: Security update for Adobe Flash Player (September 2019)
Redhat
| rpms | flash-plugin-0:32.0.0.255-1.el6_10 |
The Hacker News
| id | THN:720C8F7F5211ABA35D5955E6805FFB78 |
| last seen | 2019-09-10 |
| modified | 2019-09-10 |
| published | 2019-09-10 |
| reporter | The Hacker News |
| source | https://thehackernews.com/2019/09/adobe-security-updates.html |
| title | Adobe Releases Security Patches For Critical Flash Player Vulnerabilities |