CVE-2020-9746

Summary

Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an exploitable NULL pointer dereference vulnerability that could result in a crash and arbitrary code execution. Exploitation of this issue requires an attacker to insert malicious strings in an HTTP response that is by default delivered over TLS/SSL.

Affected Software

VendorProductVersion RangeStatus
AdobeFlash Playerunspecified <= 32.0.0.387affected
AdobeFlash Playerunspecified <= 32.0.0.433affected
AdobeFlash Playerunspecified <= Noneaffected

Weaknesses

  • CWE-476: NULL Pointer Dereference (CWE-476)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References