Symantec Security Response: SMNTC-75371
Published: Jun 23, 2015 - 12:00 a.m.

Adobe Flash Player CVE-2015-3113 Unspecified Heap Buffer Overflow Vulnerability

Source: www.symantec.com

EPSS: 0.962 (High), percentile 99.4%

Description

Adobe Flash Player is prone to an unspecified heap-based buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code within the context of the application; this can result in the attacker gaining complete control of the affected system. Failed attempts will likely cause a denial-of-service condition.

Technologies Affected

  • Adobe Flash Player 11
  • Adobe Flash Player 11.0.1.129
  • Adobe Flash Player 11.0.1.152
  • Adobe Flash Player 11.0.1.153
  • Adobe Flash Player 11.0.1.60
  • Adobe Flash Player 11.0.1.98
  • Adobe Flash Player 11.1
  • Adobe Flash Player 11.1.102.228
  • Adobe Flash Player 11.1.102.55
  • Adobe Flash Player 11.1.102.59
  • Adobe Flash Player 11.1.102.62
  • Adobe Flash Player 11.1.102.63
  • Adobe Flash Player 11.1.111.10
  • Adobe Flash Player 11.1.111.44
  • Adobe Flash Player 11.1.111.5
  • Adobe Flash Player 11.1.111.50
  • Adobe Flash Player 11.1.111.54
  • Adobe Flash Player 11.1.111.6
  • Adobe Flash Player 11.1.111.64
  • Adobe Flash Player 11.1.111.7
  • Adobe Flash Player 11.1.111.73
  • Adobe Flash Player 11.1.111.8
  • Adobe Flash Player 11.1.111.9
  • Adobe Flash Player 11.1.112.61
  • Adobe Flash Player 11.1.115.11
  • Adobe Flash Player 11.1.115.34
  • Adobe Flash Player 11.1.115.48
  • Adobe Flash Player 11.1.115.54
  • Adobe Flash Player 11.1.115.58
  • Adobe Flash Player 11.1.115.59
  • Adobe Flash Player 11.1.115.6
  • Adobe Flash Player 11.1.115.63
  • Adobe Flash Player 11.1.115.69
  • Adobe Flash Player 11.1.115.7
  • Adobe Flash Player 11.1.115.8
  • Adobe Flash Player 11.1.115.81
  • Adobe Flash Player 11.2.202.160
  • Adobe Flash Player 11.2.202.197
  • Adobe Flash Player 11.2.202.221
  • Adobe Flash Player 11.2.202.223
  • Adobe Flash Player 11.2.202.228
  • Adobe Flash Player 11.2.202.229
  • Adobe Flash Player 11.2.202.233
  • Adobe Flash Player 11.2.202.235
  • Adobe Flash Player 11.2.202.236
  • Adobe Flash Player 11.2.202.238
  • Adobe Flash Player 11.2.202.243
  • Adobe Flash Player 11.2.202.251
  • Adobe Flash Player 11.2.202.258
  • Adobe Flash Player 11.2.202.261
  • Adobe Flash Player 11.2.202.262
  • Adobe Flash Player 11.2.202.270
  • Adobe Flash Player 11.2.202.273
  • Adobe Flash Player 11.2.202.275
  • Adobe Flash Player 11.2.202.280
  • Adobe Flash Player 11.2.202.285
  • Adobe Flash Player 11.2.202.291
  • Adobe Flash Player 11.2.202.297
  • Adobe Flash Player 11.2.202.310
  • Adobe Flash Player 11.2.202.327
  • Adobe Flash Player 11.2.202.332
  • Adobe Flash Player 11.2.202.335
  • Adobe Flash Player 11.2.202.336
  • Adobe Flash Player 11.2.202.341
  • Adobe Flash Player 11.2.202.346
  • Adobe Flash Player 11.2.202.350
  • Adobe Flash Player 11.2.202.356
  • Adobe Flash Player 11.2.202.359
  • Adobe Flash Player 11.2.202.378
  • Adobe Flash Player 11.2.202.394
  • Adobe Flash Player 11.2.202.400
  • Adobe Flash Player 11.2.202.406
  • Adobe Flash Player 11.2.202.411
  • Adobe Flash Player 11.2.202.418
  • Adobe Flash Player 11.2.202.424
  • Adobe Flash Player 11.2.202.425
  • Adobe Flash Player 11.2.202.429
  • Adobe Flash Player 11.2.202.438
  • Adobe Flash Player 11.2.202.440
  • Adobe Flash Player 11.2.202.442
  • Adobe Flash Player 11.2.202.451
  • Adobe Flash Player 11.2.202.457
  • Adobe Flash Player 11.2.202.460
  • Adobe Flash Player 11.2.202.466
  • Adobe Flash Player 11.2.202.95
  • Adobe Flash Player 11.3.300.214
  • Adobe Flash Player 11.3.300.231
  • Adobe Flash Player 11.3.300.250
  • Adobe Flash Player 11.3.300.257
  • Adobe Flash Player 11.3.300.262
  • Adobe Flash Player 11.3.300.265
  • Adobe Flash Player 11.3.300.268
  • Adobe Flash Player 11.3.300.270
  • Adobe Flash Player 11.3.300.271
  • Adobe Flash Player 11.3.300.273
  • Adobe Flash Player 11.3.31.230
  • Adobe Flash Player 11.3.378.5
  • Adobe Flash Player 11.4.400.231
  • Adobe Flash Player 11.4.402.265
  • Adobe Flash Player 11.4.402.278
  • Adobe Flash Player 11.4.402.287
  • Adobe Flash Player 11.5.500.80
  • Adobe Flash Player 11.5.502.110
  • Adobe Flash Player 11.5.502.118
  • Adobe Flash Player 11.5.502.124
  • Adobe Flash Player 11.5.502.131
  • Adobe Flash Player 11.5.502.135
  • Adobe Flash Player 11.5.502.136
  • Adobe Flash Player 11.5.502.146
  • Adobe Flash Player 11.5.502.149
  • Adobe Flash Player 11.6.602.105
  • Adobe Flash Player 11.6.602.167
  • Adobe Flash Player 11.6.602.168
  • Adobe Flash Player 11.6.602.171
  • Adobe Flash Player 11.6.602.180
  • Adobe Flash Player 11.7.700.169
  • Adobe Flash Player 11.7.700.202
  • Adobe Flash Player 11.7.700.203
  • Adobe Flash Player 11.7.700.225
  • Adobe Flash Player 11.7.700.232
  • Adobe Flash Player 11.7.700.242
  • Adobe Flash Player 11.7.700.252
  • Adobe Flash Player 11.7.700.257
  • Adobe Flash Player 11.7.700.260
  • Adobe Flash Player 11.7.700.261
  • Adobe Flash Player 11.7.700.269
  • Adobe Flash Player 11.7.700.272
  • Adobe Flash Player 11.7.700.275
  • Adobe Flash Player 11.7.700.279
  • Adobe Flash Player 11.8.800.168
  • Adobe Flash Player 11.8.800.170
  • Adobe Flash Player 11.8.800.94
  • Adobe Flash Player 11.8.800.97
  • Adobe Flash Player 11.9.900.117
  • Adobe Flash Player 11.9.900.152
  • Adobe Flash Player 11.9.900.170
  • Adobe Flash Player 13.0.0.182
  • Adobe Flash Player 13.0.0.201
  • Adobe Flash Player 13.0.0.206
  • Adobe Flash Player 13.0.0.214
  • Adobe Flash Player 13.0.0.223
  • Adobe Flash Player 13.0.0.231
  • Adobe Flash Player 13.0.0.241
  • Adobe Flash Player 13.0.0.244
  • Adobe Flash Player 13.0.0.250
  • Adobe Flash Player 13.0.0.252
  • Adobe Flash Player 13.0.0.258
  • Adobe Flash Player 13.0.0.259
  • Adobe Flash Player 13.0.0.260
  • Adobe Flash Player 13.0.0.262
  • Adobe Flash Player 13.0.0.264
  • Adobe Flash Player 13.0.0.269
  • Adobe Flash Player 13.0.0.277
  • Adobe Flash Player 13.0.0.281
  • Adobe Flash Player 13.0.0.289
  • Adobe Flash Player 13.0.0.292
  • Adobe Flash Player 14.0.0.125
  • Adobe Flash Player 14.0.0.145
  • Adobe Flash Player 14.0.0.176
  • Adobe Flash Player 14.0.0.177
  • Adobe Flash Player 14.0.0.179
  • Adobe Flash Player 15.0.0.152
  • Adobe Flash Player 15.0.0.189
  • Adobe Flash Player 15.0.0.223
  • Adobe Flash Player 15.0.0.239
  • Adobe Flash Player 15.0.0.242
  • Adobe Flash Player 15.0.0.246
  • Adobe Flash Player 16.0.0.234
  • Adobe Flash Player 16.0.0.235
  • Adobe Flash Player 16.0.0.257
  • Adobe Flash Player 16.0.0.287
  • Adobe Flash Player 16.0.0.291
  • Adobe Flash Player 16.0.0.296
  • Adobe Flash Player 16.0.0.305
  • Adobe Flash Player 17.0.0.134
  • Adobe Flash Player 17.0.0.169
  • Adobe Flash Player 17.0.0.188
  • Adobe Flash Player 18.0.0.143
  • Adobe Flash Player 18.0.0.160
  • Adobe Flash Player 18.0.0.161
  • HP Insight Orchestration 6.0
  • HP Insight Orchestration 6.1
  • HP Insight Orchestration 6.2
  • HP System Management Homepage 2.0.0
  • HP System Management Homepage 2.0.1
  • HP System Management Homepage 2.0.2
  • HP System Management Homepage 2.1.0
  • HP System Management Homepage 2.1.1
  • HP System Management Homepage 2.1.10
  • HP System Management Homepage 2.1.11
  • HP System Management Homepage 2.1.12
  • HP System Management Homepage 2.1.15
  • HP System Management Homepage 2.1.2
  • HP System Management Homepage 2.1.3
  • HP System Management Homepage 2.1.4
  • HP System Management Homepage 2.1.5
  • HP System Management Homepage 2.1.6
  • HP System Management Homepage 2.1.7
  • HP System Management Homepage 2.1.8
  • HP System Management Homepage 2.1.9
  • HP System Management Homepage 2.2.6
  • HP System Management Homepage 2.2.8
  • HP System Management Homepage 2.2.9.1
  • HP System Management Homepage 3.0.0.64
  • HP System Management Homepage 3.0.0.68
  • HP System Management Homepage 3.0.1
  • HP System Management Homepage 3.0.2.77
  • HP System Management Homepage 3.2.2
  • HP System Management Homepage 3.2.7
  • HP System Management Homepage 6.0
  • HP System Management Homepage 6.2
  • HP System Management Homepage 6.2.0
  • HP System Management Homepage 6.2.2.7
  • HP System Management Homepage 6.3
  • HP System Management Homepage 6.3.0
  • HP System Management Homepage 7.0
  • HP System Management Homepage 7.1
  • HP System Management Homepage 7.1.1
  • HP System Management Homepage 7.1.2
  • HP System Management Homepage 7.2
  • HP System Management Homepage 7.2.0
  • HP System Management Homepage 7.2.1
  • HP System Management Homepage 7.2.2
  • HP System Management Homepage 7.2.3
  • HP System Management Homepage 7.2.4.1
  • HP System Management Homepage 7.3
  • HP System Management Homepage 7.3.1
  • HP System Management Homepage 7.3.2
  • HP System Management Homepage 7.3.3.1
  • HP System Management Homepage 7.4
  • HP Systems Insight Manager 4.2
  • HP Systems Insight Manager 5.0
  • HP Systems Insight Manager 5.3
  • HP Systems Insight Manager 6.0
  • HP Systems Insight Manager 6.1
  • HP Systems Insight Manager 6.2
  • HP Systems Insight Manager 6.3
  • HP Systems Insight Manager 7.0
  • HP Systems Insight Manager 7.1.1
  • HP Systems Insight Manager 7.2
  • HP Systems Insight Manager 7.2.1
  • HP Systems Insight Manager 7.2.2
  • HP Systems Insight Manager 7.3
  • HP Systems Insight Manager 7.3.1
  • HP Systems Insight Manager 7.3.2
  • HP Systems Insight Manager 7.4
  • HP Version Control Agent 2.1.5
  • HP Version Control Agent 7.2.0
  • HP Version Control Agent 7.2.1
  • HP Version Control Agent 7.2.2
  • HP Version Control Agent 7.3.0
  • HP Version Control Agent 7.3.1
  • HP Version Control Agent 7.3.2
  • HP Version Control Agent 7.3.3
  • HP Version Control Agent 7.3.4
  • HP Version Control Agent 7.3.5
  • HP Version Control Repository Manager 7.2.0
  • HP Version Control Repository Manager 7.2.1
  • HP Version Control Repository Manager 7.2.2
  • HP Version Control Repository Manager 7.3.0
  • HP Version Control Repository Manager 7.3.1
  • HP Version Control Repository Manager 7.3.2
  • HP Version Control Repository Manager 7.3.3
  • HP Version Control Repository Manager 7.3.4
  • HP Version Control Repository Manager 7.4.0
  • HP Version Control Repository Manager 7.4.0a
  • HP Version Control Repository Manager 7.4.1
  • HP Virtual Connect Enterprise Manager 6.0
  • HP Virtual Connect Enterprise Manager 6.1
  • HP Virtual Connect Enterprise Manager 6.2
  • HP iMC PLAT 7.0
  • HP iMC PLAT 7.1 E0303P06
  • HP iMC SHM
  • Microsoft Internet Explorer 10
  • Microsoft Internet Explorer 11
  • Redhat Enterprise Linux Desktop Supplementary 5 Client
  • Redhat Enterprise Linux Desktop Supplementary 6
  • Redhat Enterprise Linux Server Supplementary 6
  • Redhat Enterprise Linux Supplementary 5 Server
  • Redhat Enterprise Linux Workstation Supplementary 6
  • SuSE openSUSE Evergreen 11.4

Recommendations

Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, run the application with the minimal amount of privileges required for functionality.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity including unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.

Do not accept or execute files from untrusted or unknown sources.
To reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.

Do not follow links provided by unknown or untrusted sources.
To reduce the likelihood of attacks, never visit sites of questionable integrity or follow links provided by unfamiliar or untrusted sources.

Implement multiple redundant layers of security.
Various memory-protection schemes (such as nonexecutable and randomly mapped memory segments) may hinder an attacker’s ability to exploit this vulnerability to execute arbitrary code.

Updates are available. Please see the references or vendor advisory for more information.