CVE-2015-3108

Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions prior to 13.0.0.292 Adobe Flash Player versions 14.x through 18.x prior to 18.0.0.160 Adobe AIR versions prior to 18.0.0.144 on Windows Adobe AIR versions prior to 18.0.0.143 on OS X and Android Adobe AIR SDK versions prior to 18.0.0.144 on Windows Adobe AIR SDK versions prior to 18.0.0.143 on OS X Adobe AIR SDK & Compiler versions prior to 18.0.0.144 on Windows Adobe AIR SDK & Compiler versions prior to 18.0.0.143 on OS X

Description The issue is related to the lack of protection for service data, which can be exploited by a remote attacker to bypass the ASLR protection mechanism. This can be achieved via unspecified vectors, allowing attackers to discover memory addresses.

Recommendations For Adobe Flash Player versions prior to 13.0.0.292, update to version 13.0.0.292 or later. For Adobe Flash Player versions 14.x through 18.x prior to 18.0.0.160, update to version 18.0.0.160 or later. For Adobe AIR versions prior to 18.0.0.144 on Windows, update to version 18.0.0.144 or later. For Adobe AIR versions prior to 18.0.0.143 on OS X and Android, update to version 18.0.0.143 or later. For Adobe AIR SDK versions prior to 18.0.0.144 on Windows, update to version 18.0.0.144 or later. For Adobe AIR SDK versions prior to 18.0.0.143 on OS X, update to version 18.0.0.143 or later. For Adobe AIR SDK & Compiler versions prior to 18.0.0.144 on Windows, update to version 18.0.0.144 or later. For Adobe AIR SDK & Compiler versions prior to 18.0.0.143 on OS X, update to version 18.0.0.143 or later.