PT-2015-1243 · Adobe+3 · Air Sdk & Compiler+6

Published

2015-05-12

·

Updated

2017-01-03

·

CVE-2015-3090

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Adobe Flash Player (affected versions not specified) Adobe AIR (affected versions not specified) Adobe AIR SDK (affected versions not specified) Adobe AIR SDK & Compiler (affected versions not specified)
Description The issue is related to a memory corruption problem. Exploitation of this issue may allow a remote attacker to execute arbitrary code or cause a denial of service.
Recommendations For Adobe Flash Player, update to a version that addresses the memory corruption issue. For Adobe AIR, consider disabling features that may be related to the memory corruption issue until a patch is available. For Adobe AIR SDK, restrict access to components that may be vulnerable to memory corruption attacks. For Adobe AIR SDK & Compiler, avoid using functions or parameters that may be related to the memory corruption issue until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2015-1438
BDU:2015-10222
BDU:2015-10223
BDU:2015-10224
CVE-2015-3090
MGASA-2015-0218
OPENSUSE-SU-2015_0914-1
RHSA-2015:1005
RHSA-2015_1005
SUSE-SU-2015:0878-1

Affected Products

Alt Linux
Air
Air Sdk
Air Sdk & Compiler
Flash Player
Red Hat
Suse