PT-2015-3156 · Adobe+3 · Air Sdk & Compiler+7

Published

2015-12-28

·

Updated

2025-02-14

·

CVE-2015-8651

CVSS v2.0

9.3

High

VectorAV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions prior to 18.0.0.324 Adobe Flash Player versions 19.x Adobe Flash Player versions 20.x prior to 20.0.0.267 Adobe AIR versions prior to 20.0.0.233 Adobe AIR SDK versions prior to 20.0.0.233 Adobe AIR SDK & Compiler versions prior to 20.0.0.233 Adobe Flash Player for Linux versions prior to 11.2.202.559
Description The issue is caused by an integer overflow in Adobe Flash Player and Adobe Integrated Runtime, which can allow a remote attacker to execute arbitrary code. The exploitation of this issue can lead to the execution of unspecified vectors, resulting in arbitrary code execution.
Recommendations For Adobe Flash Player versions prior to 18.0.0.324, update to version 18.0.0.324 or later. For Adobe Flash Player versions 19.x, update to version 20.0.0.267 or later. For Adobe Flash Player versions 20.x prior to 20.0.0.267, update to version 20.0.0.267 or later. For Adobe AIR versions prior to 20.0.0.233, update to version 20.0.0.233 or later. For Adobe AIR SDK versions prior to 20.0.0.233, update to version 20.0.0.233 or later. For Adobe AIR SDK & Compiler versions prior to 20.0.0.233, update to version 20.0.0.233 or later. For Adobe Flash Player for Linux versions prior to 11.2.202.559, update to version 11.2.202.559 or later.

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-189CWE-190

Related Identifiers

ALT-PU-2015-2208
BDU:2016-00372
CVE-2015-8651
MGASA-2015-0493
OPENSUSE-SU-2015_2400-1
RHSA-2015:2697
RHSA-2015_2697
SUSE-SU-2015:2401-1
SUSE-SU-2015:2402-1

Affected Products

Alt Linux
Air
Air Sdk
Air Sdk & Compiler
Flash Player
Flash Player For Linux
Red Hat
Suse