PT-2015-1237 · Adobe+3 · Flash Player+6

Published

2015-05-12

·

Updated

2017-09-17

·

CVE-2015-3080

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions prior to 13.0.0.289 Adobe Flash Player versions 14.x through 17.x before 17.0.0.188 Adobe Flash Player version prior to 11.2.202.460 on Linux Adobe AIR versions prior to 17.0.0.172 Adobe AIR SDK versions prior to 17.0.0.172 Adobe AIR SDK & Compiler versions prior to 17.0.0.172
Description The issue is a use-after-free vulnerability that allows attackers to execute arbitrary code via unspecified vectors. This can be exploited by a remote attacker to execute arbitrary code. The vulnerability is caused by a use-after-free error in the software platform.
Recommendations For Adobe Flash Player versions prior to 13.0.0.289, update to version 13.0.0.289 or later. For Adobe Flash Player versions 14.x through 17.x, update to version 17.0.0.188 or later. For Adobe Flash Player version prior to 11.2.202.460 on Linux, update to version 11.2.202.460 or later. For Adobe AIR versions prior to 17.0.0.172, update to version 17.0.0.172 or later. For Adobe AIR SDK versions prior to 17.0.0.172, update to version 17.0.0.172 or later. For Adobe AIR SDK & Compiler versions prior to 17.0.0.172, update to version 17.0.0.172 or later.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2015-1438
BDU:2015-10204
BDU:2015-10205
BDU:2015-10206
CVE-2015-3080
MGASA-2015-0218
OPENSUSE-SU-2015_0914-1
RHSA-2015:1005
RHSA-2015_1005
SUSE-SU-2015:0878-1

Affected Products

Alt Linux
Air
Air Sdk
Air Sdk & Compiler
Flash Player
Red Hat
Suse