PT-2015-1582 · Adobe+2 · Air Sdk+5
Published
2015-06-09
·
Updated
2016-12-31
·
CVE-2015-3101
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Adobe AIR versions prior to 18.0.0.144
Adobe AIR SDK versions prior to 18.0.0.144
Adobe AIR SDK & Compiler versions prior to 18.0.0.144
Adobe Flash Player versions prior to 13.0.0.292 and 14.x through 18.x before 18.0.0.160
Description
The issue is related to insufficient access control to certain functions in Adobe AIR and Flash Player, allowing a remote attacker to elevate the execution priority of a process from low to medium. This can be achieved via unspecified vectors when Internet Explorer is used.
Recommendations
For Adobe AIR versions prior to 18.0.0.144, update to version 18.0.0.144 or later.
For Adobe AIR SDK versions prior to 18.0.0.144, update to version 18.0.0.144 or later.
For Adobe AIR SDK & Compiler versions prior to 18.0.0.144, update to version 18.0.0.144 or later.
For Adobe Flash Player versions prior to 13.0.0.292 and 14.x through 18.x before 18.0.0.160, update to version 13.0.0.292 or 18.0.0.160 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Air
Air Sdk
Air Sdk & Compiler
Flash Player
Internet Explorer