CVE-2016-1015

Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions prior to 18.0.0.343 Adobe Flash Player versions 19.x through 21.x prior to 21.0.0.213 on Windows and OS X Adobe Flash Player versions prior to 11.2.202.616 on Linux

Description The issue allows attackers to execute arbitrary code by leveraging an unspecified "type confusion" in the NetConnection object properties. This can be exploited by overriding these properties. The estimated number of potentially affected devices worldwide is not provided. There is no information about real-world incidents where this issue was exploited.

Recommendations For Adobe Flash Player versions prior to 18.0.0.343, update to version 18.0.0.343 or later. For Adobe Flash Player versions 19.x through 21.x prior to 21.0.0.213 on Windows and OS X, update to version 21.0.0.213 or later. For Adobe Flash Player versions prior to 11.2.202.616 on Linux, update to version 11.2.202.616 or later. As a temporary workaround, consider restricting the use of the NetConnection object until a patch is available.