PT-2015-1294 · Adobe+3 · Air+5

Published

2015-06-09

·

Updated

2016-12-31

·

CVE-2015-3104

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions prior to 13.0.0.292 and 14.x through 18.x before 18.0.0.160 Adobe AIR versions prior to 18.0.0.144 on Windows and prior to 18.0.0.143 on OS X and Android Adobe AIR SDK versions prior to 18.0.0.144 on Windows and prior to 18.0.0.143 on OS X
Description The issue is related to an integer overflow in Adobe Flash Player and Adobe AIR, which can allow a remote attacker to execute arbitrary code. This can be achieved via unspecified vectors. The vulnerability is associated with the ability of an attacker to bypass a protection mechanism.
Recommendations For Adobe Flash Player versions prior to 13.0.0.292 and 14.x through 18.x before 18.0.0.160, update to a version that is 13.0.0.292 or later, or 18.0.0.160 or later. For Adobe AIR versions prior to 18.0.0.144 on Windows and prior to 18.0.0.143 on OS X and Android, update to version 18.0.0.144 or later on Windows, or version 18.0.0.143 or later on OS X and Android. For Adobe AIR SDK versions prior to 18.0.0.144 on Windows and prior to 18.0.0.143 on OS X, update to version 18.0.0.144 or later on Windows, or version 18.0.0.143 or later on OS X.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

ALT-PU-2015-1526
BDU:2015-10337
BDU:2015-10338
BDU:2015-10339
BDU:2015-10340
CVE-2015-3104
MGASA-2015-0248
OPENSUSE-SU-2015_1047-1
RHSA-2015:1086
RHSA-2015_1086
SUSE-SU-2015:1043-1

Affected Products

Alt Linux
Air
Air Sdk
Flash Player
Red Hat
Suse