Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

The remote CentOS Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:0513 advisory.

  - Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and     32.0.0.255 and earlier have a type confusion vulnerability. Successful exploitation could lead to     arbitrary code execution. (CVE-2020-3757)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202003-61 (Adobe Flash Player: Remote execution of arbitrary code)

    A critical type confusion vulnerability was discovered in Adobe Flash       Player.
  Impact :

    A remote attacker could possibly execute arbitrary code with the       privileges of the process or cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:0513 advisory.

    The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in.

    This update upgrades Flash Player to version 32.0.0.330.

    Security Fix(es):

    * flash-plugin: Arbitrary Code Execution vulnerability (APSB20-06) (CVE-2020-3757)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Adobe reports :

- This update resolves a type confusion vulnerability that could lead to arbitrary code execution (CVE-2020-3757).

The remote Windows host is missing security update KB4537759. It is, therefore, affected by multiple remote code execution vulnerabilities in Adobe Flash Player.

The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 32.0.0.321. It is therefore affected by an arbitrary code execution vulnerability.

The version of Adobe Flash Player installed on the remote macOS or Mac OS X host is equal or prior to version 32.0.0.321.
It is therefore affected by multiple vulnerabilities.

ID	Name	Product	Family	Severity
208469	CentOS 6 : flash-plugin (RHSA-2020:0513)	Nessus	CentOS Local Security Checks	high
134969	GLSA-202003-61 : Adobe Flash Player: Remote execution of arbitrary code	Nessus	Gentoo Local Security Checks	high
133748	RHEL 6 : flash-plugin (RHSA-2020:0513)	Nessus	Red Hat Local Security Checks	high
133630	FreeBSD : Flash Player -- arbitrary code execution (d460b640-4cdf-11ea-a59e-6451062f0f7a)	Nessus	FreeBSD Local Security Checks	high
133618	KB4537759: Security update for Adobe Flash Player (February 2020)	Nessus	Windows : Microsoft Bulletins	high
133607	Adobe Flash Player <= 32.0.0.321 (APSB20-06)	Nessus	Windows	high
133606	Adobe Flash Player for Mac <= 32.0.0.321 (APSB20-06)	Nessus	MacOS X Local Security Checks	high

Detections

Analytics

CVE-2020-3757

high

Tenable Plugins

high

high

high

high

high

high

high