PT-2015-1135 · Adobe+3 · Flash Player+6

Published

2015-01-13

·

Updated

2017-09-08

·

CVE-2015-0301

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions prior to 13.0.0.260 Adobe Flash Player versions 14.x through 16.x before 16.0.0.257 Adobe Flash Player versions prior to 11.2.202.429 on Linux Adobe AIR versions prior to 16.0.0.245 on Windows and OS X Adobe AIR versions prior to 16.0.0.272 on Android Adobe AIR SDK versions prior to 16.0.0.272 Adobe AIR SDK & Compiler versions prior to 16.0.0.272
Description The issue exists due to incorrect file validation. Exploitation of this issue may allow a remote attacker to cause a denial of service or execute arbitrary code.
Recommendations For Adobe Flash Player versions prior to 13.0.0.260, update to version 13.0.0.260 or later. For Adobe Flash Player versions 14.x through 16.x, update to version 16.0.0.257 or later. For Adobe Flash Player versions prior to 11.2.202.429 on Linux, update to version 11.2.202.429 or later. For Adobe AIR versions prior to 16.0.0.245 on Windows and OS X, update to version 16.0.0.245 or later. For Adobe AIR versions prior to 16.0.0.272 on Android, update to version 16.0.0.272 or later. For Adobe AIR SDK versions prior to 16.0.0.272, update to version 16.0.0.272 or later. For Adobe AIR SDK & Compiler versions prior to 16.0.0.272, update to version 16.0.0.272 or later.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2015-1037
BDU:2015-10008
BDU:2015-10009
BDU:2015-10020
CVE-2015-0301
MGASA-2015-0024
OPENSUSE-SU-2015_0059-1
OPENSUSE-SU-2015_0174-1
RHSA-2015:0052
RHSA-2015_0052
SUSE-SU-2015_0052-1
SUSE-SU-2015_0062-1

Affected Products

Alt Linux
Air
Air Sdk
Air Sdk & Compiler
Flash Player
Red Hat
Suse