Kaspersky Threats

Detect date

?

07/08/2015

Severity

?

Critical

Description

Multiple critical vulnerabilities have been found in Adobe products. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code or obtain sensitive information.

Below is a complete list of vulnerabilities

Improper memory randomization can be exploited remotely via an unknown vectors related to Windows 7 x64 system;
Heap based buffer overflow, null pointer dereference, type confusion and use-after-free vulnerabilities can be exploited remotely via an unknown vectors.

Affected products

Adobe Flash Player versions earlier than 18.0.0.203
Adobe Flash Player ESR versions earlier than 13.0.0.302
Adobe Flash Player for Linux versions earlier than 11.2.202.481
Adobe AIR 18.0.0.180

Solution

Update to the latest version
Get Adobe Flash Player
Get Adobe AIR

Original advisories

Adobe bulletin

Impacts

?

ACE

[?]

OSI

[?]

DoS

[?]

SB

[?]

PE

[?]

Related products

Adobe Flash Player ActiveX
Adobe AIR
Adobe Flash Player NPAPI
Adobe Flash Player PPAPI

CVE-IDS

?

Exploitation

The following public exploits exists for this vulnerability:

https://www.exploit-db.com/exploits/37848

https://www.exploit-db.com/exploits/37851

https://www.exploit-db.com/exploits/37849

https://www.exploit-db.com/exploits/37862

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Detect date ?	07/08/2015
Severity ?	Critical
Description	Multiple critical vulnerabilities have been found in Adobe products. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities Improper memory randomization can be exploited remotely via an unknown vectors related to Windows 7 x64 system; Heap based buffer overflow, null pointer dereference, type confusion and use-after-free vulnerabilities can be exploited remotely via an unknown vectors.
Affected products	Adobe Flash Player versions earlier than 18.0.0.203 Adobe Flash Player ESR versions earlier than 13.0.0.302 Adobe Flash Player for Linux versions earlier than 11.2.202.481 Adobe AIR 18.0.0.180
Solution	Update to the latest version Get Adobe Flash Player Get Adobe AIR
Original advisories	Adobe bulletin
Impacts ?	ACE [?] OSI [?] DoS [?] SB [?] PE [?]
Related products	Adobe Flash Player ActiveX Adobe AIR Adobe Flash Player NPAPI Adobe Flash Player PPAPI
CVE-IDS ?	CVE-2015-30975.0Critical CVE-2015-311810.0Critical CVE-2015-313710.0Critical CVE-2015-311910.0Critical CVE-2015-443310.0Critical CVE-2015-443210.0Critical CVE-2015-443110.0Critical CVE-2015-443010.0Critical CVE-2015-312110.0Critical CVE-2015-511810.0Critical CVE-2015-511710.0Critical CVE-2015-51165.0Critical CVE-2015-313510.0Critical CVE-2015-511910.0Critical CVE-2015-312310.0Critical CVE-2015-312410.0Critical CVE-2015-442910.0Critical CVE-2015-442810.0Critical CVE-2015-312010.0Critical CVE-2015-311710.0Critical CVE-2015-512410.0Critical CVE-2015-31155.0Critical CVE-2015-31165.0Critical CVE-2015-312210.0Critical CVE-2015-313410.0Critical CVE-2015-313310.0Critical CVE-2015-31145.0Critical CVE-2014-05785.0Critical CVE-2015-312810.0Critical CVE-2015-312710.0Critical CVE-2015-313610.0Critical CVE-2015-31255.0Critical CVE-2015-313210.0Critical CVE-2015-313110.0Critical CVE-2015-313010.0Critical CVE-2015-312910.0Critical CVE-2015-31267.5Critical
Exploitation	The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/37848 https://www.exploit-db.com/exploits/37851 https://www.exploit-db.com/exploits/37849 https://www.exploit-db.com/exploits/37862 Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

KLA10623Multiple vulnerabilities in Adobe products

KLA10623
Multiple vulnerabilities in Adobe products