PT-2015-2142 · Adobe+3 · Flash Player+6

Published

2015-09-21

·

Updated

2017-02-17

·

CVE-2015-5568

CVSS v2.0

10

High

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions prior to 18.0.0.241 Adobe Flash Player versions 19.x prior to 19.0.0.185 Adobe Flash Player versions prior to 11.2.202.521 on Linux Adobe AIR versions prior to 19.0.0.190 Adobe AIR SDK versions prior to 19.0.0.190 Adobe AIR SDK & Compiler versions prior to 19.0.0.190
Description The issue is caused by insufficient input validation in the Flash Player and Adobe Integrated Runtime platforms. This allows a remote attacker to potentially cause a denial of service or have other unspecified impacts via unknown vectors.
Recommendations For Adobe Flash Player versions prior to 18.0.0.241, update to version 18.0.0.241 or later. For Adobe Flash Player versions 19.x prior to 19.0.0.185, update to version 19.0.0.185 or later. For Adobe Flash Player versions prior to 11.2.202.521 on Linux, update to version 11.2.202.521 or later. For Adobe AIR versions prior to 19.0.0.190, update to version 19.0.0.190 or later. For Adobe AIR SDK versions prior to 19.0.0.190, update to version 19.0.0.190 or later. For Adobe AIR SDK & Compiler versions prior to 19.0.0.190, update to version 19.0.0.190 or later.

Exploit

Fix

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2015-1803
BDU:2015-11488
CVE-2015-5568
MGASA-2015-0379
OPENSUSE-SU-2015_1616-1
RHSA-2015:1814
RHSA-2015_1814
SUSE-SU-2015:1614-1
SUSE-SU-2015:1618-1

Affected Products

Alt Linux
Air
Air Sdk
Air Sdk & Compiler
Flash Player
Red Hat
Suse