Vulnerability Description
Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of this issue requires an attacker to insert malicious strings in an HTTP response that is by default delivered over TLS/SSL.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Adobe | Flash Player | <= 32.0.0.433 |
| Apple | Macos | - |
| Linux | Linux Kernel | - |
| Microsoft | Windows | - |
| Chrome Os | - | |
| Microsoft | Windows 10 | - |
| Microsoft | Windows 8.1 | - |
Related Weaknesses (CWE)
References
- https://helpx.adobe.com/security/products/flash-player/apsb20-58.htmlVendor Advisory
- https://helpx.adobe.com/security/products/flash-player/apsb20-58.htmlVendor Advisory
FAQ
What is CVE-2020-9746?
CVE-2020-9746 is a vulnerability with a CVSS score of 7.0 (HIGH). Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of thi...
How severe is CVE-2020-9746?
CVE-2020-9746 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-9746?
Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player, Apple Macos, Linux Linux Kernel, Microsoft Windows, Google Chrome Os.