flashplugin: arbitrary code execution

2015-10-18T00:00:00
ID ASA-201510-12
Type archlinux
Reporter Arch Linux
Modified 2015-10-18T00:00:00

Description

Several critical type confusion vulnerabilities (CVE-2015-7645, CVE-2015-7647, CVE-2015-7648) have been identified in Adobe Flash Player 11.2.202.535 and earlier 11.x versions for Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system.

Adobe is aware of a report that an exploit for the CVE-2015-7645 vulnerability is being used in limited, targeted attacks.