Adobe Flash Player is prone to an unspecified remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. The following versions are affected: Adobe Flash Player 19.0.0.207 and prior. Adobe Flash Player 11.2.202.535 and prior 11.x versions. Adobe Flash Player 18.0.0.252 and prior 18.x versions. Note: This issue was previously titled ‘Adobe Flash Player CVE-2015-7645 Unspecified Remote Code Execution Vulnerability’. The title and technical details have been changed to better reflect the underlying component affected.
Block external access at the network boundary, unless external parties require service.
Filter access to the affected computer at the network boundary if global access isn’t needed. Restricting access to only trusted computers and networks might greatly reduce the likelihood of a successful exploit.
Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to detect and block attacks and anomalous activity such as requests containing suspicious URI sequences. Since the webserver may log such requests, review its logs regularly.
Set web browser security to disable the execution of script code or active content.
Since a successful exploit of this issue allows malicious code to execute in web clients, consider disabling support for script code and active content within the client browser. Note that this mitigation tactic might adversely affect legitimate websites that rely on the execution of browser-based script code.
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: http://.