PT-2015-2802 · Adobe+1 · Air Sdk & Compiler+4

S3Tm3M

Published

2015-12-09

Updated

2017-02-17

CVE-2015-8457

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions prior to 18.0.0.268 Adobe Flash Player versions 19.x Adobe Flash Player versions 20.x prior to 20.0.0.228 Adobe AIR versions prior to 20.0.0.204 Adobe AIR SDK versions prior to 20.0.0.204 Adobe AIR SDK & Compiler versions prior to 20.0.0.204 Adobe Flash Player versions prior to 11.2.202.554 on Linux

Description The issue is caused by a stack-based buffer overflow, allowing attackers to execute arbitrary code via unspecified vectors. This can be exploited by a remote attacker to execute arbitrary code.

Recommendations For Adobe Flash Player versions prior to 18.0.0.268, update to version 18.0.0.268 or later. For Adobe Flash Player versions 19.x, update to a version that is not affected by this issue. For Adobe Flash Player versions 20.x prior to 20.0.0.228, update to version 20.0.0.228 or later. For Adobe AIR versions prior to 20.0.0.204, update to version 20.0.0.204 or later. For Adobe AIR SDK versions prior to 20.0.0.204, update to version 20.0.0.204 or later. For Adobe AIR SDK & Compiler versions prior to 20.0.0.204, update to version 20.0.0.204 or later. For Adobe Flash Player versions prior to 11.2.202.554 on Linux, update to version 11.2.202.554 or later.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

BDU:2015-12168

CVE-2015-8457

RHSA-2015:2593

RHSA-2015_2593

ZDI-15-636

Affected Products

Air

Air Sdk

Air Sdk & Compiler

Flash Player

Red Hat

PT-2015-2802 · Adobe+1 · Air Sdk & Compiler+4

CVE-2015-8457

Weakness Enumeration

Related Identifiers

Affected Products

References · 194