PT-2015-6071 · Adobe+3 · Flash Player+6

Publicado

2015-05-12

·

Atualizado

2017-01-03

·

CVE-2015-3091

CVSS v2.0

5.0

Média

VetorAV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions prior to 13.0.0.289 Adobe Flash Player versions 14.x through 17.x before 17.0.0.188 Adobe Flash Player version prior to 11.2.202.460 on Linux Adobe AIR versions prior to 17.0.0.172 Adobe AIR SDK versions prior to 17.0.0.172 Adobe AIR SDK & Compiler versions prior to 17.0.0.172
Description The issue allows attackers to bypass the ASLR protection mechanism via unspecified vectors, due to the software not properly restricting discovery of memory addresses. This enables an attacker to exploit the vulnerability and gain unauthorized access to sensitive information.
Recommendations For Adobe Flash Player versions prior to 13.0.0.289, update to version 13.0.0.289 or later. For Adobe Flash Player versions 14.x through 17.x before 17.0.0.188, update to version 17.0.0.188 or later. For Adobe Flash Player version prior to 11.2.202.460 on Linux, update to version 11.2.202.460 or later. For Adobe AIR versions prior to 17.0.0.172, update to version 17.0.0.172 or later. For Adobe AIR SDK versions prior to 17.0.0.172, update to version 17.0.0.172 or later. For Adobe AIR SDK & Compiler versions prior to 17.0.0.172, update to version 17.0.0.172 or later.

Exploit

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

ALT-PU-2015-1438
CVE-2015-3091
MGASA-2015-0218
OPENSUSE-SU-2015_0914-1
RHSA-2015:1005
RHSA-2015_1005
SUSE-SU-2015:0878-1

Produtos afetados

Alt Linux
Air
Air Sdk
Air Sdk & Compiler
Flash Player
Red Hat
Suse