en

Adobe Flash Player Multiple Vulnerabilities

ID: IRCAD2015043877
Release Date: 2015-04-14
Criticality level: Highly critical
Software:
Adobe Flash Player 11.x
Adobe Flash Player 13.x
Adobe Flash Player 17.x
Description:
Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
1) An unspecified error can be exploited to corrupt memory.
Successful exploitation of this vulnerability allows execution of arbitrary code.
Note: Reportedly, this vulnerability is currently being exploited in targeted attacks.
2) Another unspecified error can be exploited to corrupt memory.
3) Another unspecified error can be exploited to corrupt memory.
4) Another unspecified error can be exploited to corrupt memory.
5) Another unspecified error can be exploited to corrupt memory.
6) Another unspecified error can be exploited to corrupt memory.
7) Another unspecified error can be exploited to corrupt memory.
8) Another unspecified error can be exploited to corrupt memory.
9) Another unspecified error can be exploited to corrupt memory.
10) Another unspecified error can be exploited to corrupt memory.
11) Another unspecified error can be exploited to corrupt memory.
12) A type confusion error can be exploited to corrupt memory.
13) An unspecified error can be exploited to cause a buffer overflow.
14) A use-after-free error can be exploited to corrupt memory.
15) Another use-after-free error can be exploited to corrupt memory.
16) Another use-after-free error can be exploited to corrupt memory.
17) Another use-after-free error can be exploited to corrupt memory.
18) A double-free error can be exploited to corrupt memory.
19) Another double-free error can be exploited to corrupt memory.
Successful exploitation of the vulnerabilities #2 through #‫19 may allow execution of arbitrary code.
20) An error can be exploited to bypass unspecified restrictions and subsequently disclose certain information.
The vulnerabilities are reported in the following products and versions:
* Adobe Flash Player versions 17.x through 17.0.0.134.
* Adobe Flash Player Extended Support Release versions 13.x through 13.0.0.277.
* Adobe Flash Player for Linux versions 11.2.202.451 and prior.
Solution
Update to a fixed version.
References:
Adobe:
Secunia:

The Wall

No comments
You need to sign in to comment