20.5

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

adobe

CWE-415

critical

NVD

Published: 2020-10-21

Updated: 2020-10-23

Summary

Adobe Animate version 20.5 (and earlier) is affected by a double free vulnerability when parsing a crafted .fla file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.

Vulnerable Configurations

Part	Description	Count
Application	Adobe Adobe Animate 15.2.1.95 Adobe Animate 20.5	2
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-415 - Double Free

References

https://helpx.adobe.com/security/products/animate/apsb20-61.html