Adobe June’s Patch Tuesday included patches for critical-rated arbitrary code execution flaws in Flash Player, ColdFusion and Campaign.
The Flash Player vulnerability, CVE-2019-7845, affects Windows, macOS, Linux and Chrome OS and if exploited could lead to arbitrary code execution in the context of the current user. The issue can be fixed by updating to the latest version of Flash for each operating system.
ColdFusion had three issued patched, CVE-2019-7838, CVE-2019-7839 and CVE-2019-7840, for versions 2018, 2016 and 11.
CVE-2019-7838 is only exploitable if the file uploads directory is web accessible, while CVE-2019-7839 does not impact ColdFusion 11.
Adobe Campaign Classic for Windows and Linux had several vulnerabilities patched with only CVE-2019-7850 covering a command injection flaw that can lead to arbitrary code execution being rated rated critical.
Additionally, there were three rated important, CVE-2019-7843, CVE-2019-7847 and CVE-2019-7849, that if exploited could lead to information disclosure or arbitrary read access to the file system. Three others were rated moderate problems, CVE-2019-7941, CVE-2019-7846 and CVE-2019-7848 that can also lead to information disclosure.
