Detections
Analytics
Adobe Flash Player < 32.0.0.171 Multiple Vulnerabilities (APSB19-19)
critical Nessus Network Monitor Plugin ID 700611
Synopsis
The remote host is running an outdated version of Adobe Flash Player that is affected by multiple attack vectors.Description
Versions of Adobe Flash Player prior to 32.0.0.171 are unpatched, and therefore affected by multiple vulnerabilities :- A use-after-free vulnerability exists in Adobe Flash. An unauthenticated, remote attacker could exploit this to execute arbitrary code. (CVE-2019-7096)
- An information disclosure vulnerability exists in Adobe Flash due to an out-of-bounds read. An unauthenticated, remote attacker can exploit this to disclose potentially sensitive information. (CVE-2019-7108)
Solution
Upgrade to Adobe Flash Player version 32.0.0.171 or later.See Also
http://www.nessus.org/u?0cb17c10
https://helpx.adobe.com/security/products/flash-player/apsb19-19.html
Plugin Details
Severity: Critical
ID: 700611
Family: Web Clients
Published: 4/22/2019
Updated: 4/22/2019
Nessus ID: 123938
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 8.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:adobe:flash_player
Patch Publication Date: 4/9/2019
Vulnerability Publication Date: 4/9/2019
Reference Information
CVE: CVE-2019-7096, CVE-2019-7108