Kaspersky LabKLA10650KLA10650 Multiple vulnerabilities in Adobe products
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
8.4 High
AI Score
Confidence
High
0.949 High
EPSS
Percentile
99.3%
Multiple serious vulnerabilities have been found in Adobe products. Malicious users can exploit these vulnerabilities to cause denial of service or execute arbitrary code.
Below is a complete list of vulnerabilities
- Type confusion, use-after-free, multiple overflows and memory corruption could be exploited remotely via an unknown vectors to cause denial of service or execute arbitrary code;
- Lack of restrictions introduced at previous version can be exploited remotely via an unknown vectors to cause denial of service or execute arbitrary code.
Original advisories
Exploitation
Public exploits exist for this vulnerability.
Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Related products
CVE list
CVE-2015-5124 critical
CVE-2015-5544 critical
CVE-2015-5545 critical
CVE-2015-5540 critical
CVE-2015-5541 critical
CVE-2015-5548 critical
CVE-2015-5549 critical
CVE-2015-5546 critical
CVE-2015-5547 critical
CVE-2015-5539 critical
CVE-2015-5561 critical
CVE-2015-5565 critical
CVE-2015-5564 critical
CVE-2015-5563 critical
CVE-2015-5562 critical
CVE-2015-5555 critical
CVE-2015-5566 critical
CVE-2015-5125 critical
CVE-2015-5127 critical
CVE-2015-5129 critical
CVE-2015-5560 critical
CVE-2015-5130 critical
CVE-2015-5131 critical
CVE-2015-5551 critical
CVE-2015-5550 critical
CVE-2015-5557 critical
CVE-2015-5556 critical
CVE-2015-5559 critical
CVE-2015-5558 critical
CVE-2015-5553 critical
CVE-2015-5552 critical
CVE-2015-5134 critical
CVE-2015-5554 critical
CVE-2015-5133 critical
CVE-2015-5132 critical
Solution
Update to the latest versionGet AIR
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
- SB
Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.
Affected Products
- Adobe Flash Player for Windows and OS X versions earlier than 18.0.0.232Adobe Flash Player ESR versions earlier than 18.0.0.232Adobe Flash Player for Linux versions earlier than 11.2.202.508Adobe flash player at Google Chrome for Linux and Chrome OS versions earlier than 18.0.0.233Adobe AIR versions earlier than 18.0.0.199
References
helpx.adobe.com/security/products/flash-player/apsb15-19.html
statistics.securelist.com/
threats.kaspersky.com/en/class/Exploit/
threats.kaspersky.com/en/product/Adobe-AIR/
threats.kaspersky.com/en/product/Adobe-Flash-Player-ActiveX/
threats.kaspersky.com/en/product/Adobe-Flash-Player-NPAPI/
threats.kaspersky.com/en/product/Adobe-Flash-Player-PPAPI/
Related
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
8.4 High
AI Score
Confidence
High
0.949 High
EPSS
Percentile
99.3%