10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
99.9%
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in.
This update fixes multiple vulnerabilities in Adobe Flash Player. These
vulnerabilities are detailed in the Adobe Security Bulletin APSB15-09
listed in the References section.
Multiple flaws were found in the way flash-plugin displayed certain SWF
content. An attacker could use these flaws to create a specially crafted
SWF file that would cause flash-plugin to crash or, potentially, execute
arbitrary code when the victim loaded a page containing the malicious SWF
content. (CVE-2015-3077, CVE-2015-3078, CVE-2015-3080, CVE-2015-3082,
CVE-2015-3083, CVE-2015-3084, CVE-2015-3085, CVE-2015-3086, CVE-2015-3087,
CVE-2015-3088, CVE-2015-3089, CVE-2015-3090, CVE-2015-3093)
A security bypass flaw was found in flash-plugin that could lead to the
disclosure of sensitive information. (CVE-2015-3079)
Two memory information leak flaws were found in flash-plugin that could
allow an attacker to potentially bypass ASLR (Address Space Layout
Randomization) protection, and make it easier to exploit other flaws.
(CVE-2015-3091, CVE-2015-3092)
All users of Adobe Flash Player should install this updated package, which
upgrades Flash Player to version 11.2.202.460.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | i686 | flash-plugin | < 11.2.202.460-1.el6_6 | flash-plugin-11.2.202.460-1.el6_6.i686.rpm |
RedHat | 5 | i386 | flash-plugin | < 11.2.202.460-1.el5 | flash-plugin-11.2.202.460-1.el5.i386.rpm |