Out-of-Bounds Read Vulnerability in Adobe Flash Player
CVE-2019-7090

6.5MEDIUM

Key Information:

Vendor: Adobe
Status: Flash Player Desktop Runtime; Flash Player For Google Chrome; Flash Player For Microsoft Edge And Internet Explorer 11
Vendor: CVE Published:; 24 May 2019

What is CVE-2019-7090?

An out-of-bounds read vulnerability exists in Adobe Flash Player, affecting specific versions of its Desktop Runtime as well as Flash Player for Google Chrome and Microsoft Edge/IE11. Exploitation of this vulnerability can allow an attacker to access sensitive information without proper authorization, posing a significant risk to user privacy and data integrity.

Affected Version(s)

Flash Player Desktop Runtime 32.0.0.114 and earlier

Flash Player for Google Chrome 32.0.0.114 and earlier

Flash Player for Microsoft Edge and Internet Explorer 11 32.0.0.114 and earlier

References

https://helpx.adobe.com/security/products/flash-player/ap...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 24, 2019
Vulnerability Reserved
Jan 28, 2019