Multiple vulnerabilities in Adobe Flash Player & AIR

Description

Multiple serious vulnerabilities have been found in Adobe Flash Player & AIR. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions or execute arbitrary code.

Below is a complete list of vulnerabilities

1. An unknown vulnerability can be exploited to execute arbitrary code or bypass same origin policy via a specially designed Loader object and other unknown vectors;
2. Improper API implementation can be exploited via an unknown vectors.

---

Technical details

(1) can be exploited via a Loader object with specially designed loaderBytes property.

Original advisories

• Adobe bulletin

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

• Adobe-Flash-Player-ActiveX
• Adobe-AIR
• Adobe-Flash-Player-NPAPI
• Adobe-Flash-Player-PPAPI

CVE list

• CVE-2015-7627
  critical
• CVE-2015-7628
  critical
• CVE-2015-7637
  critical
• CVE-2015-7636
  critical
• CVE-2015-7644
  critical
• CVE-2015-7635
  critical
• CVE-2015-5569
  critical
• CVE-2015-7625
  critical
• CVE-2015-7626
  critical
• CVE-2015-7630
  critical
• CVE-2015-7629
  critical
• CVE-2015-7643
  critical
• CVE-2015-7631
  critical
• CVE-2015-7641
  critical
• CVE-2015-7633
  critical
• CVE-2015-7639
  critical
• CVE-2015-7640
  critical
• CVE-2015-7638
  critical
• CVE-2015-7634
  critical
• CVE-2015-7632
  critical
• CVE-2015-7642
  critical

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com