PT-2015-1586 · Adobe+3 · Flash Player+6
Publicado
2015-06-09
·
Atualizado
2016-12-31
·
CVE-2015-3096
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Adobe Flash Player versions prior to 13.0.0.292
Adobe Flash Player versions 14.x through 18.x prior to 18.0.0.160
Adobe AIR versions prior to 18.0.0.144
Adobe AIR SDK versions prior to 18.0.0.144
Adobe AIR SDK & Compiler versions prior to 18.0.0.144
Description
The issue is related to a cross-site request forgery vulnerability. Exploitation of this issue may allow a remote attacker to bypass a protection mechanism. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.
Recommendations
For Adobe Flash Player versions prior to 13.0.0.292, update to version 13.0.0.292 or later.
For Adobe Flash Player versions 14.x through 18.x prior to 18.0.0.160, update to version 18.0.0.160 or later.
For Adobe AIR versions prior to 18.0.0.144, update to version 18.0.0.144 or later.
For Adobe AIR SDK versions prior to 18.0.0.144, update to version 18.0.0.144 or later.
For Adobe AIR SDK & Compiler versions prior to 18.0.0.144, update to version 18.0.0.144 or later.
Exploit
Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Air
Air Sdk
Air Sdk & Compiler
Flash Player
Red Hat
Suse