CVE-2020-9748 - Adobe Animate version 20.5 (and earlier) is affected by a stack overflow vulnerability, which could

CVE-2020-9748

Summary

Adobe Animate version 20.5 (and earlier) is affected by a stack overflow vulnerability, which could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate.

References

https://helpx.adobe.com/security/products/animate/apsb20-61.html

Vulnerable Configurations

cpe:2.3:a:adobe:animate:15.2.1.95:*:*:*:*:*:*:*
cpe:2.3:a:adobe:animate:15.2.1.95:*:*:*:*:*:*:*
cpe:2.3:a:adobe:animate:20.5:*:*:*:*:*:*:*
cpe:2.3:a:adobe:animate:20.5:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 14-09-2021 - 17:37)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

misc

https://helpx.adobe.com/security/products/animate/apsb20-61.html

Last major update

14-09-2021 - 17:37

Published

21-10-2020 - 20:15

Last modified

14-09-2021 - 17:37