Adobe Flash Player Multiple Vulnerabilities

Last Update Date: 28 Jan 2015 Release Date: 23 Jan 2015 4348 Views

RISK: Extremely High Risk

Extremely High Risk

TYPE: Clients - Audio & Video

TYPE: Audio & Video

Multiple vulnerabilities ws identified in Adobe Flash Player. A remote user can bypass the memory address randomization security feature and cause arbitrary code to be executed on the target user's system. 

  1. A remote user can create specially crafted Flash content that, when loaded by the target user, will trigger a memory leak to obtain information that can be used to bypass memory address randomization. (CVE-2015-0310)
  2. A remote user can create specially crafted content that, when loaded by the target user, will trigger a double-free memory error and execute arbitrary code on the target system. The code will run with the privileges of the target user. (CVE-2015-0312)

NOTE: The vulnerabilities were currently being exploited in the wild

UPDATE: The vendor has issued a fix for vulnerability 2

Impact

  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • Adobe Flash Player 16.0.0.257 and earlier versions
  • Adobe Flash Player 13.0.0.260 and earlier 13.x versions

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Vulnerability Identifier

Source

Related Link

Share with

Previous

PHP Multiple Vulnerabilities

27 Jan 2015 3772 Views

Next

Apple Products (OS X, Safari, iOS and Apple TV) Multiple Vulnerabilities

29 Jan 2015 3839 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY