Versions of Adobe Flash player prior to 17.0 are outdated and thus unpatched for the following vulnerabilities :
Multiple memory corruption vulnerabilities exist due to improper input validation. A remote attacker could exploit these to execute arbitrary code. (CVE-2015-0332, CVE-2015-0333, CVE-2015-0335, CVE-2015-0339)
Multiple type confusion flaws exist, which an attacker could exploit to execute arbitrary code. (CVE-2015-0334, CVE-2015-0336)
An unspecified flaw exists that allows an attacker to bypass cross-domain policy. (CVE-2015-0337)
An integer overflow vulnerability exists due to improper input validation, which an attacker can exploit to execute arbitrary code. (CVE-2015-0338)
An unspecified flaw exists that allows an attacker to bypass restrictions and upload arbitrary files. (CVE-2015-0340)
Multiple use-after-free vulnerabilities exist that can allow an attacker to dereference memory which has already been freed and execute arbitrary code. (CVE-2015-0341, CVE-2015-0342)
Binary data 8654.prm
Vendor | Product | Version | CPE |
---|---|---|---|
adobe | flash_player | cpe:/a:adobe:flash_player |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0332
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0333
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0334
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0335
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0336
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0337
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0338
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0339
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0340
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0341
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0342
helpx.adobe.com/security/products/flash-player/apsb15-05.html
www.nessus.org/u?0cb17c10