PT-2015-1007 · Adobe+3 · Flash Player+3

Kafeine

Publicado

2015-01-22

Atualizado

2025-11-17

CVE-2015-0311

CVSS v3.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions prior to 13.0.0.263 Adobe Flash Player versions 14.x through 16.x prior to 16.0.0.288 Adobe Flash Player version 11.2.202.438 and earlier on Linux

Description The issue is related to a use-after-free vulnerability in the ByteArray::UncompressViaZlibVariant() function, allowing a remote attacker to execute arbitrary code or cause a denial of service via a specially crafted swf file. This vulnerability has been exploited in the wild, with reports of its use in January 2015.

Recommendations For Adobe Flash Player versions prior to 13.0.0.263, update to version 13.0.0.263 or later. For Adobe Flash Player versions 14.x through 16.x prior to 16.0.0.288, update to version 16.0.0.288 or later. For Adobe Flash Player version 11.2.202.438 and earlier on Linux, update to a version later than 11.2.202.438.

Exploit

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-17CWE-416

Identificadores relacionados

ALT-PU-2015-1076

ALT-PU-2015-1103

BDU:2015-09810

BDU:2015-09811

BDU:2015-10322

CVE-2015-0311

MGASA-2015-0043

OPENSUSE-SU-2015_0150-1

OPENSUSE-SU-2015_0174-1

RHSA-2015:0094

RHSA-2015_0094

SUSE-SU-2015_0151-1

SUSE-SU-2015_0163-1

Produtos afetados

Alt Linux

Flash Player

Red Hat

Suse

PT-2015-1007 · Adobe+3 · Flash Player+3

CVE-2015-0311

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 35