Multiple vulnerabilities in Adobe Flash Player

Kaspersky Lab ID

KLA10574

CVSS

8.0

Severity

Critical

Detect Date

May 12, 2015

Description

Multiple serious vulnerabilities have been found in Adobe products. Malicious users can exploit these vulnerabilities to write local files, bypass security restrictions, execute arbitrary code or obtain sensitive information.

Below is a complete list of vulnerabilities

  1. Memory corruption, heap overflow, integer overflow, type confusion, use after free and memory leak can be exploited remotely via an unknown vectors;
  2. Race condition can be exploited remotely via vectors related to Internet Explorer;
  3. Unknown vulnerabilities can be exploited remotely via an unknown vectors.

Affected products

Adobe Flash Player versions earlier than 17.0.0.188 for OS X and Windows
Adobe Flash Player ESR versions earlier than 13.0.0.289
Adobe Flash Player versions earlier than 11.2.202.460 for Linux
Adobe AIR runtime, SDK and Compiler versions earlier than 17.0.0.172

Solution

Update to the latest version
Get Flash Player
Get AIR

Original advisories

Adobe bulletin

Impacts

SB 
[?]

OSI 
[?]

ACE 
[?]

WLF 
[?]

CVE-IDs

CVE-2015-3044
CVE-2015-3093
CVE-2015-3092
CVE-2015-3091
CVE-2015-3090
CVE-2015-3089
CVE-2015-3088
CVE-2015-3087
CVE-2015-3086
CVE-2015-3085
CVE-2015-3084
CVE-2015-3083
CVE-2015-3082
CVE-2015-3081
CVE-2015-3080
CVE-2015-3079
CVE-2015-3078
CVE-2015-3077