Adobe Flash Player / AIR Multiple Vulnerabilities

ID: IRCAD2015104110

Release Date: 2015-10-13

Software:

Adobe AIR 19.x

Adobe Flash Player 11.x

Adobe Flash Player 18.x

Adobe Flash Player 19.x

Description:

Multiple vulnerabilities have been reported in Adobe Flash Player and Adobe AIR, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

1) An unspecified error can be exploited to bypass the same-origin policy.

2) A use-after-free error when handling the tabStops property of a TextFormat object can be exploited to corrupt memory.

3) A use-after-free error when handling the validity property of a TextLine object can be exploited to corrupt memory via a crafted validity property.

4) An error when handling the deblocking property of a Video object can be exploited to corrupt memory.

5) Another use-after-free error can be exploited to corrupt memory.

6) An error when handling the loaderBytes property of a Loader object can be exploited to cause a buffer overflow.

7) An unspecified error can be exploited to cause memory corruption.

8) Another unspecified error can be exploited to cause memory corruption.

9) Another unspecified error can be exploited to cause memory corruption.

10) Another unspecified error can be exploited to cause memory corruption.

11) Another unspecified error can be exploited to cause memory corruption.

12) Another unspecified error can be exploited to cause memory corruption.

Successful exploitation of vulnerabilities #2 through #12 may allow execution of arbitrary code.

The vulnerabilities are reported in the following products and versions:

* Adobe Flash Player Desktop Runtime versions 19.0.0.185 and prior running on Windows and Macintosh.

* Adobe Flash Player Extended Support Release versions 18.0.0.241 and prior running on Windows and Macintosh.

* Adobe Flash Player versions 11.2.202.521 and prior running on Linux.

* AIR Desktop Runtime versions 19.0.0.190 and prior running on Windows and Macintosh.

* AIR SDK versions 19.0.0.190 and prior running on Windows, Macintosh, Android, and iOS.

* AIR SDK & Compiler versions 19.0.0.190 and prior running on Windows, Macintosh, Android, and iOS.
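The following Python check is an added example, not part of the advisory or of any Adobe tooling. It compares an installed build against the "and prior" thresholds listed above and assumes that a Flash Player build with major version 18 on Windows or Macintosh belongs to the Extended Support Release branch; the host names and inventory rows are constructed.

```python
# Thresholds are the highest affected versions listed in this advisory.
AFFECTED_MAX = {
    ("flash", "desktop"): (19, 0, 0, 185),   # Windows / Macintosh
    ("flash", "esr"):     (18, 0, 0, 241),   # Windows / Macintosh
    ("flash", "linux"):   (11, 2, 202, 521),
    ("air", "any"):       (19, 0, 0, 190),   # Desktop Runtime, SDK, SDK & Compiler
}
AIR_PLATFORMS = {"windows", "macintosh", "android", "ios"}

def parse_version(text):
    """Turn '19.0.0.185' (or the comma form '19,0,0,185') into four ints."""
    parts = text.strip().replace(",", ".").split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(product, platform, version):
    """True if the build falls inside a range the advisory lists as affected."""
    ver = parse_version(version)
    product, platform = product.lower(), platform.lower()
    if product == "air" and platform in AIR_PLATFORMS:
        branch = "any"
    elif product == "flash" and platform == "linux":
        branch = "linux"
    elif product == "flash" and platform in ("windows", "macintosh"):
        # Assumption: major version 18 means the ESR branch. Comparing an ESR
        # build against 19.0.0.185 would flag every ESR release as affected.
        branch = "esr" if ver[0] == 18 else "desktop"
    else:
        raise ValueError(f"not covered by this advisory: {product}/{platform}")
    return ver <= AFFECTED_MAX[(product, branch)]

# Constructed inventory rows: (host, product, platform, installed version).
INVENTORY = [
    ("ws-01", "flash", "windows",   "19.0.0.185"),
    ("ws-02", "flash", "windows",   "18.0.0.999"),   # constructed later ESR build
    ("ws-03", "flash", "linux",     "11.2.202.521"),
    ("ws-04", "air",   "macintosh", "19.0.0.999"),   # constructed later AIR build
    ("ws-05", "flash", "macintosh", "18.0.0.232"),
]

def audit(rows):
    """Return the hosts whose installed build is in an affected range."""
    return [host for host, prod, plat, ver in rows if is_affected(prod, plat, ver)]

if __name__ == "__main__":
    print("Hosts needing the update:", audit(INVENTORY))
```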

Solution:

Update to a fixed version.

References:

Adobe:

https://helpx.adobe.com/security/products/flash-player/apsb15-25.html

ZDI:

http://www.zerodayinitiative.com/advisories/ZDI-15-511/

http://www.zerodayinitiative.com/advisories/ZDI-15-512/

http://www.zerodayinitiative.com/advisories/ZDI-15-513/

http://www.zerodayinitiative.com/advisories/ZDI-15-514/

Secunia:

https://secunia.com/advisories/66839/


Created: 27 Mehr 1394
