Microsoft update for Adobe Flash

Published: 2019-04-10 03:18:16
Severity High
Patch available YES
Number of vulnerabilities 2
CVE ID CVE-2019-7096
CVE-2019-7108
CVSSv3 7.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CWE ID CWE-416
CWE-125
Exploitation vector Network
Public exploit N/A
Vulnerable software Adobe Flash Player
Vulnerable software versions Adobe Flash Player on Windows Server 2019
Adobe Flash Player on Windows 10 Version 1803 for ARM64-based Systems
Adobe Flash Player on Windows 10 Version 1809 for ARM64-based Systems

Show more

Vendor URL Microsoft

Security Advisory

1) Use-after-free

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing .swf content. A remote attacker can trick the victim into visiting a specially crafted webpage or into opening a document with embedded malicious .swf file, trigger use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Remediation

Install updates from Microsoft website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190011

2) Out-of-bounds read

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when processing .swf files. A remote attacker can create a specially crafted .swf file, trick the victim into opening it while visiting a website or when viewing a document, trigger out-of-bounds read error and read contents of memory on the system.

Remediation

Install updates from Microsoft website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190011

Back to List