فا

‫ Adobe Flash Player / AIR Multiple Vulnerabilities

ID: IRCAD2014113617
Release Date: 2014-11-11
Criticality level: Highly critical
Software:
Adobe AIR 15.x
Adobe Flash Player 11.x
Adobe Flash Player 13.x
Adobe Flash Player 15.x
Description:
Multiple vulnerabilities have been reported in Adobe Flash Player and Adobe AIR, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
1) An unspecified error can be exploited to corrupt memory.
2) Another unspecified error can be exploited to corrupt memory.
3) Another unspecified error can be exploited to corrupt memory.
4) Another unspecified error can be exploited to corrupt memory.
5) A use-after-free error can be exploited to corrupt memory.
6) Another use-after-free error can be exploited to corrupt memory.
7) Another use-after-free error can be exploited to corrupt memory.
8) A double free error can be exploited to corrupt memory.
9) A type confusion error can be exploited to corrupt memory.
10) Multiple type confusion errors can be exploited to corrupt memory.
11) An unspecified error can be exploited to cause a heap-based buffer overflow.
12) Another unspecified error can be exploited to cause a heap-based buffer overflow.
Successful exploitation of the vulnerabilities #1 through #‫12 may allow execution of arbitrary code.
13) An unspecified error can be exploited to disclose session tokens.
14) An unspecified error can be exploited to cause a heap-based buffer overflow and subsequently bypass certain security restrictions.
15) An error related to a permission issue can be exploited to bypass certain security restrictions.
The vulnerabilities are reported in the following products and versions:
* Adobe Flash Player versions 15.0.0.189 and prior.
* Adobe Flash Player Extended Support Release versions 13.0.0.250 and prior.
* Adobe Flash Player for Linux versions 11.2.202.411 and prior.
* Adobe AIR Desktop Runtime and Adobe AIR for Android versions 15.0.0.293 and prior.
* AIR SDK and AIR SDK & Compiler versions 15.0.0.302 and prior.
Solution
Update to a fixed version.
References:
Secunia:
 
 
 

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 26 آبان 1393

امتیاز

امتیاز شما
تعداد امتیازها:0