Kaspersky ID: KLA10711
Detect Date: 12/08/2015
Updated: 09/26/2023

Description

Multiple serious vulnerabilities have been found in Adobe products. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions or execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. An unknown vulnerability can be exploited remotely to cause denial of service;
  2. Use-after-free, stack-based buffer overflow and buffer overflow vulnerabilities can be exploited remotely to execute arbitrary code;
  3. An unknown vulnerability can be exploited remotely to bypass security restrictions;
  4. A heap-based buffer overflow can be exploited remotely via specially crafted XML to execute arbitrary code;
  5. An improper SharedObject implementation can be exploited remotely to execute arbitrary code;
  6. An integer overflow in the Shader filter can be exploited remotely via a specially crafted BitmapData object to execute arbitrary code.

Technical details

Vulnerability (4) is related to a toString call.

Vulnerability (5) can be triggered by leveraging type confusion during a getRemote call.

Vulnerability (6) can be exploited via a large BitmapData object.

To update Adobe Flash Player ActiveX (detected as Flash.ocx) on Windows 8 and higher, install the latest updates from Control Panel.

Exploitation

Public exploits exist for this vulnerability.

CVE list

  • CVE-2015-8050
    critical
  • CVE-2015-8442
    critical
  • CVE-2015-8064
    critical
  • CVE-2015-8065
    critical
  • CVE-2015-8069
    critical
  • CVE-2015-8068
    critical
  • CVE-2015-8067
    critical
  • CVE-2015-8066
    critical
  • CVE-2015-8402
    critical
  • CVE-2015-8401
    critical
  • CVE-2015-8071
    critical
  • CVE-2015-8070
    critical
  • CVE-2015-8404
    critical
  • CVE-2015-8403
    critical
  • CVE-2015-8047
    critical
  • CVE-2015-8045
    critical
  • CVE-2015-8049
    critical
  • CVE-2015-8048
    critical
  • CVE-2015-8443
    critical
  • CVE-2015-8444
    critical
  • CVE-2015-8428
    critical
  • CVE-2015-8439
    critical
  • CVE-2015-8440
    critical
  • CVE-2015-8441
    critical
  • CVE-2015-8456
    critical
  • CVE-2015-8435
    critical
  • CVE-2015-8436
    critical
  • CVE-2015-8437
    critical
  • CVE-2015-8438
    critical
  • CVE-2015-8431
    critical
  • CVE-2015-8424
    critical
  • CVE-2015-8423
    critical
  • CVE-2015-8420
    critical
  • CVE-2015-8419
    critical
  • CVE-2015-8422
    critical
  • CVE-2015-8421
    critical
  • CVE-2015-8416
    critical
  • CVE-2015-8415
    critical
  • CVE-2015-8418
    critical
  • CVE-2015-8417
    critical
  • CVE-2015-8062
    critical
  • CVE-2015-8405
    critical
  • CVE-2015-8406
    critical
  • CVE-2015-8407
    critical
  • CVE-2015-8408
    critical
  • CVE-2015-8409
    critical
  • CVE-2015-8410
    critical
  • CVE-2015-8411
    critical
  • CVE-2015-8412
    critical
  • CVE-2015-8413
    critical
  • CVE-2015-8414
    critical
  • CVE-2015-8060
    critical
  • CVE-2015-8061
    critical
  • CVE-2015-8058
    critical
  • CVE-2015-8059
    critical
  • CVE-2015-8063
    critical
  • CVE-2015-8057
    critical
  • CVE-2015-8055
    critical
  • CVE-2015-8454
    critical
  • CVE-2015-8453
    warning
  • CVE-2015-8452
    critical
  • CVE-2015-8451
    critical
  • CVE-2015-8450
    critical
  • CVE-2015-8449
    critical
  • CVE-2015-8448
    critical
  • CVE-2015-8447
    critical
  • CVE-2015-8446
    critical
  • CVE-2015-8445
    critical
  • CVE-2015-8427
    critical
  • CVE-2015-8457
    critical
  • CVE-2015-8425
    critical
  • CVE-2015-8426
    critical
  • CVE-2015-8056
    critical
  • CVE-2015-8432
    critical
  • CVE-2015-8429
    critical
  • CVE-2015-8430
    critical
  • CVE-2015-8433
    critical
  • CVE-2015-8434
    critical
  • CVE-2015-8455
    critical
