CVE-2020-9633 — Use After Free in Adobe Flash Player

CWE-416 — Use After Free6 documents6 sources

Severity

9.8CRITICALNVD

EPSS

8.3%

top 7.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flash Player Adobe Flash Player Desktop Runtime Adobe Flash Player

Timeline

PublishedJun 12

Latest updateMay 24

Description

Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash Player for Google Chrome 32.0.0.371 and earlier, and Adobe Flash Player for Microsoft Edge and Internet Explorer 32.0.0.330 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDadobe/flash_player_desktop_runtime32.0.0.371

▶NVDadobe/flash_player32.0.0.371+1

▶CVEListV5adobe/adobe_flash_player32.0.0.371 and earlier, 32.0.0.371 and earlier, and 32.0.0.330 and earlier versions

🔴Vulnerability Details

GHSA

GHSA-hfp4-4377-7cc7: Adobe Flash Player versions 32↗2022-05-24

▶

OSV

CVE-2020-9633: Adobe Flash Player Desktop Runtime 32↗2020-06-12

▶

CVEList

CVE-2020-9633: Adobe Flash Player Desktop Runtime 32↗2020-06-12

▶

📋Vendor Advisories

Red Hat

flash-plugin: Arbitrary Code Execution vulnerability (APSB20-30)↗2020-06-09

▶

💬Community

Bugzilla

CVE-2020-9633 flash-plugin: Arbitrary Code Execution vulnerability (APSB20-30)↗2020-06-09

▶