KLA10727Code execution vulnerabilities in Adobe Flash Player and AIR

2015-12-28T00:00:00
ID KLA10727
Type kaspersky
Reporter Kaspersky Lab
Modified 2019-03-07T00:00:00

Description

Detect date:

12/28/2015

Severity:

Critical

Description:

Type confusion, integer overflow, use-after-free and memory corruption vulnerabilities were found in Adobe products. By exploiting these vulnerabilities malicious users can cause denial of service or execute arbitrary code. These vulnerabilities can be exploited remotely via an unknown vectors.

Affected products:

Adobe Flash Player versions earlier than 20.0.0.267
Adobe Flash Player Extended Support Release versions earlier than 18.0.0.324
Adobe Flash Player for Linux versions earlier than 11.2.202.559
Adobe AIR versions earlier than 20.0.0.233

Solution:

Update to the latest version
Get Flash Player
Get AIR

Original advisories:

Adobe Security bulletin

Impacts:

ACE

Related products:

Adobe Flash Player ActiveX

CVE-IDS:

CVE-2015-86349.3Critical
CVE-2015-84609.3Critical
CVE-2015-86419.3Critical
CVE-2015-86409.3Critical
CVE-2015-86439.3Critical
CVE-2015-86429.3Critical
CVE-2015-86369.3Critical
CVE-2015-86359.3Critical
CVE-2015-86399.3Critical
CVE-2015-86389.3Critical
CVE-2015-86449.3Critical
CVE-2015-86459.3Critical
CVE-2015-845910.0Critical
CVE-2015-86509.3Critical
CVE-2015-86519.3Critical
CVE-2015-86469.3Critical
CVE-2015-86479.3Critical
CVE-2015-86489.3Critical
CVE-2015-86499.3Critical