Kaspersky Threats

Description

Multiple serious vulnerabilities have been found in Adobe products. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions or execute arbitrary code.

Below is a complete list of vulnerabilities

An unknown vulnerability can be exploited remotely to cause denial of service;
Use-after-free, stack based buffer overflow and buffer overflow can be exploited remotely to execute arbitrary code;
An unknown vulnerability can be exploited remotely to bypass security restrictions;
Heap-based buffer overflow can be exploited remotely via a specially designed XML to execute arbitrary code;
Improper SharedObject implementation can be exploited remotely to execute arbitrary code;
Integer overflow at Shader filter can be exploited remotely via a specially designed BitmapData object to execute arbitrary code.

Technical details

Vulnerability (4) related to toString call.

Vulnerability (5) can be triggered via leveraging type confusion during getRemote call.

Vulnerability (6) can be exploited via large BitmapData.
To update Adobe Flash Player ActiveX (detected as Flash.ocx) on Windows 8 and higher, install latest updates from Control Panel

Original advisories

Adobe bulletin

Exploitation

Public exploits exist for this vulnerability.

CVE list

CVE-2015-8050
critical
CVE-2015-8442
critical
CVE-2015-8064
critical
CVE-2015-8065
critical
CVE-2015-8069
critical
CVE-2015-8068
critical
CVE-2015-8067
critical
CVE-2015-8066
critical
CVE-2015-8402
critical
CVE-2015-8401
critical
CVE-2015-8071
critical
CVE-2015-8070
critical
CVE-2015-8404
critical
CVE-2015-8403
critical
CVE-2015-8047
critical
CVE-2015-8045
critical
CVE-2015-8049
critical
CVE-2015-8048
critical
CVE-2015-8443
critical
CVE-2015-8444
critical
CVE-2015-8428
critical
CVE-2015-8439
critical
CVE-2015-8440
critical
CVE-2015-8441
critical
CVE-2015-8456
critical
CVE-2015-8435
critical
CVE-2015-8436
critical
CVE-2015-8437
critical
CVE-2015-8438
critical
CVE-2015-8431
critical
CVE-2015-8424
critical
CVE-2015-8423
critical
CVE-2015-8420
critical
CVE-2015-8419
critical
CVE-2015-8422
critical
CVE-2015-8421
critical
CVE-2015-8416
critical
CVE-2015-8415
critical
CVE-2015-8418
critical
CVE-2015-8417
critical
CVE-2015-8062
critical
CVE-2015-8405
critical
CVE-2015-8406
critical
CVE-2015-8407
critical
CVE-2015-8408
critical
CVE-2015-8409
critical
CVE-2015-8410
critical
CVE-2015-8411
critical
CVE-2015-8412
critical
CVE-2015-8413
critical
CVE-2015-8414
critical
CVE-2015-8060
critical
CVE-2015-8061
critical
CVE-2015-8058
critical
CVE-2015-8059
critical
CVE-2015-8063
critical
CVE-2015-8057
critical
CVE-2015-8055
critical
CVE-2015-8454
critical
CVE-2015-8453
warning
CVE-2015-8452
critical
CVE-2015-8451
critical
CVE-2015-8450
critical
CVE-2015-8449
critical
CVE-2015-8448
critical
CVE-2015-8447
critical
CVE-2015-8446
critical
CVE-2015-8445
critical
CVE-2015-8427
critical
CVE-2015-8457
critical
CVE-2015-8425
critical
CVE-2015-8426
critical
CVE-2015-8056
critical
CVE-2015-8432
critical
CVE-2015-8429
critical
CVE-2015-8430
critical
CVE-2015-8433
critical
CVE-2015-8434
critical
CVE-2015-8455
critical

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com

Found an inaccuracy in the description of this vulnerability? Let us know!

Multiple vulnerabilities in Adobe Flash Player