CVE-2019-8075
flash-plugin: Same origin policy bypass leading to information disclosure
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Adobe Flash Player version 32.0.0.192 and earlier versions have a Same Origin Policy Bypass vulnerability. Successful exploitation could lead to Information Disclosure in the context of the current user.
Adobe Flash Player versión 32.0.0.192 y versiones anteriores, presentan una vulnerabilidad de Omisión de la Política del Mismo Origen. Su explotación con éxito podría conllevar a una divulgación de información en el contexto del usuario actual.
An update that fixes 23 vulnerabilities is now available. This update for chromium fixes the following issues. Use after free in payments. Inappropriate implementation in filesystem. Inappropriate implementation in cryptohome. Race in ImageBurner. Insufficient policy enforcement in networking. Insufficient data validation in WASM. R Use after free in PPAPI. Use after free in WebCodecs. Heap buffer overflow in UI. Heap buffer overflow in clipboard. Use after free in WebRTC. Insufficient policy enforcement in developer tools. R Heap buffer overflow in WebRTC. Inappropriate implementation in PDFium. Insufficient data validation in Blink. Insufficient data validation in Flash. Incorrect security UI in tab preview. Incorrect security UI in sharing. Incorrect security UI in WebUSB. Inappropriate implementation in WebRTC. Insufficient data validation in cros-disks. Side-channel information leakage in graphics. Inappropriate implementation in cookies. This update was imported from the openSUSE:Leap:15.2:Update update project.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-02-12 CVE Reserved
- 2019-09-27 CVE Published
- 2024-08-04 CVE Updated
- 2025-04-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html | Release Notes | |
| https://crbug.com/945997 | Mailing List |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://helpx.adobe.com/security/products/flash-player/apsb19-30.html | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Adobe Search vendor "Adobe" | Flash Player Desktop Runtime Search vendor "Adobe" for product "Flash Player Desktop Runtime" | <= 32.0.0.207 Search vendor "Adobe" for product "Flash Player Desktop Runtime" and version " <= 32.0.0.207" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Desktop Runtime Search vendor "Adobe" for product "Flash Player Desktop Runtime" | <= 32.0.0.207 Search vendor "Adobe" for product "Flash Player Desktop Runtime" and version " <= 32.0.0.207" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Desktop Runtime Search vendor "Adobe" for product "Flash Player Desktop Runtime" | <= 32.0.0.207 Search vendor "Adobe" for product "Flash Player Desktop Runtime" and version " <= 32.0.0.207" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | <= 32.0.0.207 Search vendor "Adobe" for product "Flash Player" and version " <= 32.0.0.207" | chrome |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | <= 32.0.0.207 Search vendor "Adobe" for product "Flash Player" and version " <= 32.0.0.207" | chrome |
Affected
| in | Google Search vendor "Google" | Chrome Os Search vendor "Google" for product "Chrome Os" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | <= 32.0.0.207 Search vendor "Adobe" for product "Flash Player" and version " <= 32.0.0.207" | chrome |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | <= 32.0.0.207 Search vendor "Adobe" for product "Flash Player" and version " <= 32.0.0.207" | chrome |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | <= 32.0.0.207 Search vendor "Adobe" for product "Flash Player" and version " <= 32.0.0.207" | edge |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 10 Search vendor "Microsoft" for product "Windows 10" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | <= 32.0.0.207 Search vendor "Adobe" for product "Flash Player" and version " <= 32.0.0.207" | edge |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 8.1 Search vendor "Microsoft" for product "Windows 8.1" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | <= 32.0.0.207 Search vendor "Adobe" for product "Flash Player" and version " <= 32.0.0.207" | internet_explorer_11 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 10 Search vendor "Microsoft" for product "Windows 10" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | <= 32.0.0.207 Search vendor "Adobe" for product "Flash Player" and version " <= 32.0.0.207" | internet_explorer_11 |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows 8.1 Search vendor "Microsoft" for product "Windows 8.1" | - | - |
Safe
|
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 87.0.4280.66 Search vendor "Google" for product "Chrome" and version " < 87.0.4280.66" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 87.0.4280.66 Search vendor "Google" for product "Chrome" and version " < 87.0.4280.66" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 87.0.4280.67 Search vendor "Google" for product "Chrome" and version " < 87.0.4280.67" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 32 Search vendor "Fedoraproject" for product "Fedora" and version "32" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||