flashplugin: multiple issues

2015-01-23T00:00:00
ID ASA-201501-22
Type archlinux
Reporter Arch Linux
Modified 2015-01-23T00:00:00

Description

  • CVE-2015-0311 (remote code execution)

Unspecified vulnerability allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.

  • CVE-2015-0309 (remote code execution)

Heap-based buffer overflow allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0304.

  • CVE-2015-0308 (remote code execution)

Use-after-free vulnerability allows attackers to execute arbitrary code via unspecified vectors.

  • CVE-2015-0307 (memory leaks, denial of service)

A vulnerability allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors.

  • CVE-2015-0306 (remote code execution, denial of service)

A vulnerability allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0303.

  • CVE-2015-0305 (remote code execution)

A vulnerability allows attackers to execute arbitrary code by leveraging an unspecified "type confusion".

  • CVE-2015-0304 (remote code execution)

Heap-based buffer overflow allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0309.

  • CVE-2015-0303 (remote code execution, denial of service)

A vulnerability allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0306.

  • CVE-2015-0302 (keylogging)

A vulnerability allows attackers to obtain sensitive keystroke information via unspecified vectors.

  • CVE-2015-0301 (file validation)

The flashplugin does not properly validate files, which has unspecified impact and attack vectors.