9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.454 Medium
EPSS
Percentile
97.4%
An anonymous security researcher reported via TippingPoint’s Zero Day Initiative that insufficient checks were being performed to test whether the Flash module was properly dynamically unloaded. The researcher demonstrated that a SWF file which dynamically unloads itself from an outside JavaScript function can cause the browser to access a memory address no longer mapped to the Flash module, resulting in a crash. This crash could be used by an attacker to run arbitrary code on a victim’s computer.