PT-2015-2658 · Adobe+3 · Flash Player+6

Published

2015-11-11

·

Updated

2017-07-01

·

CVE-2015-7662

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions prior to 18.0.0.261 Adobe Flash Player versions 19.x prior to 19.0.0.245 Adobe Flash Player versions prior to 11.2.202.548 on Linux Adobe AIR versions prior to 19.0.0.241 Adobe AIR SDK versions prior to 19.0.0.241 Adobe AIR SDK & Compiler versions prior to 19.0.0.241
Description The issue is related to insufficient access restrictions, allowing remote attackers to bypass intended access restrictions and write to files. This can be exploited by a remote attacker to bypass access restrictions on file writing.
Recommendations For Adobe Flash Player versions prior to 18.0.0.261, update to version 18.0.0.261 or later. For Adobe Flash Player versions 19.x prior to 19.0.0.245, update to version 19.0.0.245 or later. For Adobe Flash Player versions prior to 11.2.202.548 on Linux, update to version 11.2.202.548 or later. For Adobe AIR versions prior to 19.0.0.241, update to version 19.0.0.241 or later. For Adobe AIR SDK versions prior to 19.0.0.241, update to version 19.0.0.241 or later. For Adobe AIR SDK & Compiler versions prior to 19.0.0.241, update to version 19.0.0.241 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALT-PU-2015-1976
BDU:2015-12023
CVE-2015-7662
MGASA-2015-0444
RHSA-2015:2023
RHSA-2015:2024
RHSA-2015_2023
SUSE-SU-2015:1958-1
SUSE-SU-2015:1960-1

Affected Products

Alt Linux
Air
Air Sdk
Air Sdk & Compiler
Flash Player
Red Hat
Suse