PT-2015-2182 · Adobe+3 · Flash Player+6
Published
2015-09-21
·
Updated
2017-02-17
·
CVE-2015-5572
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Adobe Flash Player versions prior to 18.0.0.241
Adobe Flash Player versions 19.x prior to 19.0.0.185
Adobe Flash Player versions prior to 11.2.202.521 on Linux
Adobe AIR versions prior to 19.0.0.190
Adobe AIR SDK versions prior to 19.0.0.190
Adobe AIR SDK & Compiler versions prior to 19.0.0.190
Description
The issue allows attackers to bypass intended access restrictions and obtain sensitive information. It is related to the lack of protection for service data, which can be exploited by a remote attacker to bypass existing access rules and gain access to protected information.
Recommendations
For Adobe Flash Player versions prior to 18.0.0.241, update to version 18.0.0.241 or later.
For Adobe Flash Player versions 19.x prior to 19.0.0.185, update to version 19.0.0.185 or later.
For Adobe Flash Player versions prior to 11.2.202.521 on Linux, update to version 11.2.202.521 or later.
For Adobe AIR versions prior to 19.0.0.190, update to version 19.0.0.190 or later.
For Adobe AIR SDK versions prior to 19.0.0.190, update to version 19.0.0.190 or later.
For Adobe AIR SDK & Compiler versions prior to 19.0.0.190, update to version 19.0.0.190 or later.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Air
Air Sdk
Air Sdk & Compiler
Flash Player
Red Hat
Suse