KLA10439 Multiple vulnerabilities in Adobe products

Multiple critical vulnerabilities have been found in Adobe Products. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, cause denial of service and other unknown impact.

Below is a complete list of vulnerabilities

1. A use-after-free vulnerability can be exploited via unknown vectors;
2. Heap-based buffer overflow vulnerability can be exploited via unknown vectors;
3. Improper file validation can be exploited via unspecified vectors;
4. Type confusion vulnerability can be exploited via unspecified vectors.

Original advisories

APSB

Related products

Adobe-Flash-Player-ActiveX

Adobe-Flash-Player-NPAPI

CVE list

CVE-2015-0308 critical

CVE-2015-0309 critical

CVE-2015-0306 critical

CVE-2015-0307 critical

CVE-2015-0304 critical

CVE-2015-0305 critical

CVE-2015-0302 critical

CVE-2015-0303 critical

CVE-2015-0301 critical

Solution

Update to latest versionGet flash player

Get adobe air

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

• Adobe Flash Player versions 16.0.0.235 and earlierAdobe Flash Player ESR versions 13.0.0.259 and earlierAdobe AIR desktop runtime versions 15.0.0.356 and earlierAdobe AIR SDK versions 15.0.0.356 and earlierAdobe AIR SDK and Compiler versions 15.0.0.356 and earlier