فا

‫ Adobe Flash Player / AIR Multiple Vulnerabilities

IRCAD2014023161
ID: IRCAD2014023161
Release Date: 2014-02-21
Criticality level: Highly critical
Software:

Adobe AIR 4.x

Adobe Flash Player 11.x

Adobe Flash Player 12.x

Description:

Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to disclose potentially sensitive information and compromise a user's system.

1) An unspecified error can be exploited to cause a stack-based buffer overflow.

2) An unspecified error can be exploited to disclose certain memory contents.

3) A double free error can be exploited to cause memory corruption.

Successful exploitation of vulnerabilities #1 and #3 may allow execution of arbitrary code.

Note: Reportedly, the vulnerability #3 is actively exploited in the wild.

The vulnerabilities are reported in the following versions and products:

* Adobe Flash Player for Windows and Macintosh versions 12.0.0.44 and prior.

* Adobe Flash Player for Linux versions 11.2.202.336 and prior.

* Adobe AIR, AIR SDK, and AIR SDK & Compiler versions 4.0.0.1390 and prior.

Solution

Update to a fixed version.

References:
Secunia:

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 6 اسفند 1392

امتیاز

امتیاز شما
تعداد امتیازها: 0