SB2015070701 - Remote code execution in Adobe Flash Player

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2015070701

SB2015070701 - Remote code execution in Adobe Flash Player

Published: July 7, 2015 Updated: January 31, 2017

Security Bulletin ID SB2015070701
Severity
Critical
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Critical 25% High 75%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Use-after-free error (CVE-ID: CVE-2015-5119)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of  the vulnerability results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.


2) Use-after-free error (CVE-ID: CVE-2015-4430)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of  the vulnerability results in arbitrary code execution on the vulnerable system.


3) Use-after-free error (CVE-ID: CVE-2015-4428)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of  the vulnerability results in arbitrary code execution on the vulnerable system.


4) Use-after-free error (CVE-ID: CVE-2015-3137)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted Web-site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation of  the vulnerability results in arbitrary code execution on the vulnerable system.


Remediation

Install update from vendor's website.

References