PT-2015-1586 · Adobe+3 · Flash Player+6
Published
2015-06-09
·
Updated
2016-12-31
·
CVE-2015-3096
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Adobe Flash Player versions prior to 13.0.0.292
Adobe Flash Player versions 14.x through 18.x prior to 18.0.0.160
Adobe AIR versions prior to 18.0.0.144
Adobe AIR SDK versions prior to 18.0.0.144
Adobe AIR SDK & Compiler versions prior to 18.0.0.144
Description
The issue is related to a cross-site request forgery vulnerability. Exploitation of this issue may allow a remote attacker to bypass a protection mechanism. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.
Recommendations
For Adobe Flash Player versions prior to 13.0.0.292, update to version 13.0.0.292 or later.
For Adobe Flash Player versions 14.x through 18.x prior to 18.0.0.160, update to version 18.0.0.160 or later.
For Adobe AIR versions prior to 18.0.0.144, update to version 18.0.0.144 or later.
For Adobe AIR SDK versions prior to 18.0.0.144, update to version 18.0.0.144 or later.
For Adobe AIR SDK & Compiler versions prior to 18.0.0.144, update to version 18.0.0.144 or later.
Exploit
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Air
Air Sdk
Air Sdk & Compiler
Flash Player
Red Hat
Suse