Adobe Clears Critical Holes

Friday, June 14, 2019 @ 12:06 PM gHale

While Microsoft released its fixes for June, as always Adobe also joined in with its Patch Tuesday offering which brought fixes for holes such as critical arbitrary code execution flaws in Flash Player, Campaign, and ColdFusion.

ColdFusion patched three arbitrary code execution vulnerabilities, file extension blacklist bypass (CVE-2019-7838), command injection (CVE-2019-7839) and deserialization of untrusted data (CVE-2019-7840), for versions 2018, 2016 and 11.

Adobe Releases May Security Fixes
Open Source Analysis Tool for Flash
Adobe Patch Tuesday Fixes Multi Product Holes
Zero Days Fixed in April’s Patch Tuesday

CVE-2019-7838 is only exploitable if the file uploads directory is web accessible, while CVE-2019-7839 does not impact ColdFusion 11.

The Flash Player vulnerability, CVE-2019-7845, if exploited could lead to arbitrary code execution.

Adobe Campaign Classic for Windows and Linux suffered from a critical arbritrary code execution flaw, CVE-2019-7850.

There were three rated important, CVE-2019-7843, CVE-2019-7847 and CVE-2019-7849, that if exploited could lead to information disclosure or arbitrary read access to the file system.

Leave a Reply

You must be logged in to post a comment.