
Adobe Flash Multiple Vulnerabilities

ID: IRCAD2014123672
Release Date: 2014-12-09
Criticality level: Highly critical
Software:
Adobe Flash Player 11.x
Adobe Flash Player 13.x
Description:
Some vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
1) Some unspecified errors can be exploited to corrupt memory.
2) A use-after-free error can be exploited to corrupt memory.
3) An error when the "parseFloat()" function is called on a specific datatype can be exploited to cause a stack-based buffer overflow.
Note: Reportedly, this vulnerability is currently being exploited in limited attacks.
Successful exploitation of vulnerabilities #1 through #3 may allow execution of arbitrary code.
4) An out-of-bounds read error when handling Regular Expression Objects can be exploited to disclose certain information.
5) An unspecified error can be exploited to bypass the same-origin policy.
The vulnerabilities are reported in the following products and versions:
* Adobe Flash Player Extended Support Release versions 13.0.0.258 and prior.
* Adobe Flash Player for Linux versions 11.2.202.424 and prior.
Solution:
Upgrade to a fixed version.
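To find which hosts need the upgrade, the following added example (not part of the original advisory) checks reported Flash Player versions against the two "and prior" ceilings listed above. The host names, inventory rows and release-line labels are constructed for illustration.

```python
# Added example: inventory triage against the version ceilings in this advisory.
# Host names, release-line labels and inventory rows are constructed sample data.

# Highest affected version per release line, as listed in the advisory.
AFFECTED_MAX = {
    "esr": (13, 0, 0, 258),      # Extended Support Release
    "linux": (11, 2, 202, 424),  # Flash Player for Linux
}

def parse_version(text):
    """Parse 'a.b.c.d' (or comma-separated 'a,b,c,d') into a tuple of ints."""
    parts = text.strip().replace(",", ".").split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(p) for p in parts)

def triage(release_line, version_text):
    """Return 'affected', 'not-affected', 'out-of-scope' or 'unparseable'."""
    ceiling = AFFECTED_MAX.get(release_line.lower())
    if ceiling is None:
        return "out-of-scope"   # the advisory lists no ceiling for this line
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparseable"    # needs manual review; do not assume it is safe
    # Tuple comparison is numeric per field, so 11.2.202.99 < 11.2.202.424,
    # which a plain string comparison would get wrong.
    return "affected" if version <= ceiling else "not-affected"

INVENTORY = [  # constructed rows: (host, release line, reported version)
    ("ws-001", "esr", "13.0.0.258"),
    ("ws-002", "esr", "13.0.0.300"),
    ("lx-001", "linux", "11.2.202.99"),
    ("lx-002", "linux", "11,2,202,500"),
    ("ws-003", "desktop", "15.0.0.1"),
    ("lx-003", "linux", "11.2.r202"),
]

def report(rows):
    """Map each host to its triage status."""
    return {host: triage(line, ver) for host, line, ver in rows}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as out-of-scope or unparseable are not cleared by this check; the advisory gives no ceiling for them, so they need to be reviewed against the vendor bulletin.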
References:
Adobe:
ZDI:
Secunia:
 
 

Creation date: 21 Azar 1393
