CVE-2015-7659

Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions prior to 18.0.0.261 Adobe Flash Player versions 19.x prior to 19.0.0.245 Adobe AIR versions prior to 19.0.0.241 Adobe AIR SDK versions prior to 19.0.0.241 Adobe AIR SDK & Compiler versions prior to 19.0.0.241

Description The issue is related to errors in data type mixing in Adobe Integrated Runtime and Flash Player, allowing a remote attacker to execute arbitrary code by leveraging an unspecified "type confusion" in the NetConnection object implementation.

Recommendations For Adobe Flash Player versions prior to 18.0.0.261, update to version 18.0.0.261 or later. For Adobe Flash Player versions 19.x prior to 19.0.0.245, update to version 19.0.0.245 or later. For Adobe AIR versions prior to 19.0.0.241, update to version 19.0.0.241 or later. For Adobe AIR SDK versions prior to 19.0.0.241, update to version 19.0.0.241 or later. For Adobe AIR SDK & Compiler versions prior to 19.0.0.241, update to version 19.0.0.241 or later. As a temporary workaround, consider restricting access to the NetConnection object until a patch is available.