CVE-2020-3757

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and earlier, 32.0.0.321 and earlier, and 32.0.0.255 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

References

https://helpx.adobe.com/security/products/flash-player/apsb20-06.html

https://access.redhat.com/errata/RHSA-2020:0513

https://security.gentoo.org/glsa/202003-61

Details

Source: MITRE

Published: 2020-02-13

Updated: 2021-09-16

Type: CWE-843

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

View all (6 total)

IDNameProductFamilySeverity
134969GLSA-202003-61 : Adobe Flash Player: Remote execution of arbitrary codeNessusGentoo Local Security Checks
high
133748RHEL 6 : flash-plugin (RHSA-2020:0513)NessusRed Hat Local Security Checks
high
133630FreeBSD : Flash Player -- arbitrary code execution (d460b640-4cdf-11ea-a59e-6451062f0f7a)NessusFreeBSD Local Security Checks
high
133618KB4537759: Security update for Adobe Flash Player (February 2020)NessusWindows : Microsoft Bulletins
high
133607Adobe Flash Player <= 32.0.0.321 (APSB20-06)NessusWindows
high
133606Adobe Flash Player for Mac <= 32.0.0.321 (APSB20-06)NessusMacOS X Local Security Checks
high