PT-2015-2421 · Adobe+3 · Flash Player+6

Published

2015-10-13

·

Updated

2017-07-01

·

CVE-2015-7632

CVSS v2.0

9.3

High

VectorAV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions prior to 18.0.0.252 Adobe Flash Player versions 19.x prior to 19.0.0.207 Adobe Flash Player version prior to 11.2.202.535 on Linux Adobe AIR versions prior to 19.0.0.213 Adobe AIR SDK versions prior to 19.0.0.213 Adobe AIR SDK & Compiler versions prior to 19.0.0.213
Description The issue is caused by a buffer overflow in the Loader object when the loaderBytes property is crafted. This allows attackers to execute arbitrary code. The vulnerability can be exploited by a remote attacker using a specially formed Loader object.
Recommendations For Adobe Flash Player versions prior to 18.0.0.252, update to version 18.0.0.252 or later. For Adobe Flash Player versions 19.x prior to 19.0.0.207, update to version 19.0.0.207 or later. For Adobe Flash Player version prior to 11.2.202.535 on Linux, update to version 11.2.202.535 or later. For Adobe AIR versions prior to 19.0.0.213, update to version 19.0.0.213 or later. For Adobe AIR SDK versions prior to 19.0.0.213, update to version 19.0.0.213 or later. For Adobe AIR SDK & Compiler versions prior to 19.0.0.213, update to version 19.0.0.213 or later. As a temporary workaround, consider disabling the loaderBytes property in the Loader object until a patch is available.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2015-1873
BDU:2015-11786
CVE-2015-7632
MGASA-2015-0399
OPENSUSE-SU-2015_1744-1
RHSA-2015:1893
RHSA-2015:2024
RHSA-2015_1893
SUSE-SU-2015:1740-1
SUSE-SU-2015:1742-1
ZDI-15-512

Affected Products

Alt Linux
Air
Air Sdk
Air Sdk & Compiler
Flash Player
Red Hat
Suse