PT-2015-6071 · Adobe+3 · Flash Player+6

Published

2015-05-12

·

Updated

2017-01-03

·

CVE-2015-3091

CVSS v2.0

5.0

Medium

VectorAV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions prior to 13.0.0.289 Adobe Flash Player versions 14.x through 17.x before 17.0.0.188 Adobe Flash Player version prior to 11.2.202.460 on Linux Adobe AIR versions prior to 17.0.0.172 Adobe AIR SDK versions prior to 17.0.0.172 Adobe AIR SDK & Compiler versions prior to 17.0.0.172
Description The issue allows attackers to bypass the ASLR protection mechanism via unspecified vectors, due to the software not properly restricting discovery of memory addresses. This enables an attacker to exploit the vulnerability and gain unauthorized access to sensitive information.
Recommendations For Adobe Flash Player versions prior to 13.0.0.289, update to version 13.0.0.289 or later. For Adobe Flash Player versions 14.x through 17.x before 17.0.0.188, update to version 17.0.0.188 or later. For Adobe Flash Player version prior to 11.2.202.460 on Linux, update to version 11.2.202.460 or later. For Adobe AIR versions prior to 17.0.0.172, update to version 17.0.0.172 or later. For Adobe AIR SDK versions prior to 17.0.0.172, update to version 17.0.0.172 or later. For Adobe AIR SDK & Compiler versions prior to 17.0.0.172, update to version 17.0.0.172 or later.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2015-1438
CVE-2015-3091
MGASA-2015-0218
OPENSUSE-SU-2015_0914-1
RHSA-2015:1005
RHSA-2015_1005
SUSE-SU-2015:0878-1

Affected Products

Alt Linux
Air
Air Sdk
Air Sdk & Compiler
Flash Player
Red Hat
Suse