PT-2015-2915 · Adobe+1 · Flash Player+4

Published

2015-12-09

·

Updated

2017-02-17

·

CVE-2015-8456

CVSS v2.0

9.3

High

VectorAV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions prior to 18.0.0.268 Adobe Flash Player versions 19.x Adobe Flash Player versions 20.x prior to 20.0.0.228 Adobe Flash Player version 11.2.202.554 and earlier on Linux Adobe AIR versions prior to 20.0.0.204 Adobe AIR SDK versions prior to 20.0.0.204 Adobe AIR SDK & Compiler versions prior to 20.0.0.204
Description The issue is related to errors in the code of Flash Player and Adobe Integrated Runtime platforms, allowing attackers to execute arbitrary code by leveraging an unspecified "type confusion". This can be exploited by a remote attacker to execute arbitrary code.
Recommendations For Adobe Flash Player versions prior to 18.0.0.268, update to version 18.0.0.268 or later. For Adobe Flash Player versions 19.x, update to version 20.0.0.228 or later. For Adobe Flash Player versions 20.x prior to 20.0.0.228, update to version 20.0.0.228 or later. For Adobe Flash Player version 11.2.202.554 and earlier on Linux, update to version 11.2.202.554 or later. For Adobe AIR versions prior to 20.0.0.204, update to version 20.0.0.204 or later. For Adobe AIR SDK versions prior to 20.0.0.204, update to version 20.0.0.204 or later. For Adobe AIR SDK & Compiler versions prior to 20.0.0.204, update to version 20.0.0.204 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-17

Related Identifiers

BDU:2016-00012
CVE-2015-8456
RHSA-2015:2593
RHSA-2015_2593

Affected Products

Air
Air Sdk
Air Sdk & Compiler
Flash Player
Red Hat