PT-2015-1137 · Adobe+3 · Flash Player+6

Published

2015-01-13

·

Updated

2017-09-08

·

CVE-2015-0304

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Adobe AIR versions prior to 16.0.0.245 on Windows and OS X and prior to 16.0.0.272 on Android Adobe AIR SDK versions prior to 16.0.0.272 Adobe AIR SDK & Compiler versions prior to 16.0.0.272 Adobe Flash Player versions prior to 13.0.0.260 and 14.x through 16.x prior to 16.0.0.257 on Windows and OS X and prior to 11.2.202.429 on Linux
Description The issue exists due to a heap-based buffer overflow in dynamic memory. Exploitation of this issue may allow a remote attacker to cause a denial of service or execute arbitrary code.
Recommendations For Adobe AIR versions prior to 16.0.0.245 on Windows and OS X and prior to 16.0.0.272 on Android, update to version 16.0.0.245 or later on Windows and OS X and version 16.0.0.272 or later on Android. For Adobe AIR SDK versions prior to 16.0.0.272, update to version 16.0.0.272 or later. For Adobe AIR SDK & Compiler versions prior to 16.0.0.272, update to version 16.0.0.272 or later. For Adobe Flash Player versions prior to 13.0.0.260 and 14.x through 16.x prior to 16.0.0.257 on Windows and OS X and prior to 11.2.202.429 on Linux, update to version 13.0.0.260 or later and version 16.0.0.257 or later on Windows and OS X and version 11.2.202.429 or later on Linux.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2015-1037
BDU:2015-10012
BDU:2015-10013
BDU:2015-10022
CVE-2015-0304
MGASA-2015-0024
OPENSUSE-SU-2015_0059-1
OPENSUSE-SU-2015_0174-1
RHSA-2015:0052
RHSA-2015_0052

Affected Products

Alt Linux
Air
Air Sdk
Air Sdk & Compiler
Flash Player
Red Hat
Suse