PT-2015-4575 · Adobe+3 · Flash Player+3

Published

2015-04-14

Updated

2017-01-03

CVE-2015-0357

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions prior to 13.0.0.281 Adobe Flash Player versions 14.x through 17.x before 17.0.0.169 Adobe Flash Player version 11.2.202.457 and earlier on Linux

Description The issue allows attackers to bypass the ASLR protection mechanism via unspecified vectors by not properly restricting discovery of memory addresses. This enables attackers to access information related to memory addresses, which can be used to exploit the system.

Recommendations For Adobe Flash Player versions prior to 13.0.0.281, update to version 13.0.0.281 or later. For Adobe Flash Player versions 14.x through 17.x, update to version 17.0.0.169 or later. For Adobe Flash Player version 11.2.202.457 and earlier on Linux, update to version 11.2.202.457 or later.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2015-1384

CVE-2015-0357

MGASA-2015-0155

OPENSUSE-SU-2015_0718-1

RHSA-2015:0813

RHSA-2015_0813

SUSE-SU-2015:0722-1

Affected Products

Alt Linux

Flash Player

Red Hat

Suse

PT-2015-4575 · Adobe+3 · Flash Player+3

CVE-2015-0357

Weakness Enumeration

Related Identifiers

Affected Products

References · 154