10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.816 High
EPSS
Percentile
98.3%
Adobe Flash Player 11.2.202.521 contains fixes to critical security vulnerabilities found in earlier versions that could potentially allow an attacker to take control of the affected system. This update resolves a type confusion vulnerability that could lead to code execution (CVE-2015-5573). This update resolves use-after-free vulnerabilities that could lead to code execution (CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, CVE-2015-6682). This update resolves buffer overflow vulnerabilities that could lead to code execution (CVE-2015-6676, CVE-2015-6678). This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, CVE-2015-5588, CVE-2015-6677). This update includes additional validation checks to ensure that Flash Player rejects malicious content from vulnerable JSONP callback APIs (CVE-2015-5571). This update resolves a memory leak vulnerability (CVE-2015-5576). This update includes further hardening to a mitigation to defend against vector length corruptions (CVE-2015-5568). This update resolves stack corruption vulnerabilities that could lead to code execution (CVE-2015-5567, CVE-2015-5579). This update resolves a stack overflow vulnerability that could lead to code execution (CVE-2015-5587). This update resolves a security bypass vulnerability that could lead to information disclosure (CVE-2015-5572). This update resolves a vulnerability that could be exploited to bypass the same-origin-policy and lead to information disclosure (CVE-2015-6679).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 5 | noarch | flash-player-plugin | < 11.2.202.521-1 | flash-player-plugin-11.2.202.521-1.mga5.nonfree |