‫ Adobe Flash Multiple Vulnerabilities

ID: IRCAD2014123672
Release Date: 2014-12-09
Criticality level: Highly critical
Adobe Flash Player 11.x
Adobe Flash Player 13.x
Some vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
1) Some unspecified errors can be exploited to corrupt memory.
2) A use-after-free error can be exploited to corrupt memory.
3) An error when the "parseFloat()" function is called on a specific datatype can be exploited to cause a stack-based buffer overflow.
Note: Reportedly, this vulnerability is currently being exploited in limited attacks.
Successful exploitation of the vulnerabilities #1 through #3 may allow execution of arbitrary code.
4) An out-of-bounds read error when handling Regular Expression Objects can be exploited to disclose certain information.
5) An unspecified error can be exploited to bypass the same-origin policy.
The vulnerabilities are reported in the following products and versions:
* Adobe Flash Player Extended Support Release versions and prior.
* Adobe Flash Player for Linux versions and prior.
Upgrade to a fixed version.


بدون نظر
شما برای نظر دادن باید وارد شوید


تاریخ ایجاد: 21 آذر 1393


امتیاز شما
تعداد امتیازها:0