Code execution vulnerabilities in Adobe Flash Player and AIR

Description

Type confusion, integer overflow, use-after-free and memory corruption vulnerabilities were found in Adobe products. By exploiting these vulnerabilities malicious users can cause denial of service or execute arbitrary code. These vulnerabilities can be exploited remotely via an unknown vectors.

---

Technical details

Exploit for some of these vulnerabilities is being used in limited targeted attacks.

Original advisories

• Adobe Security bulletin

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

• Adobe-Flash-Player-ActiveX
• Adobe-AIR
• Adobe-Flash-Player-NPAPI
• Adobe-Flash-Player-PPAPI

CVE list

• CVE-2015-8634
  critical
• CVE-2015-8460
  critical
• CVE-2015-8641
  critical
• CVE-2015-8640
  critical
• CVE-2015-8643
  critical
• CVE-2015-8642
  critical
• CVE-2015-8636
  critical
• CVE-2015-8635
  critical
• CVE-2015-8639
  critical
• CVE-2015-8638
  critical
• CVE-2015-8644
  critical
• CVE-2015-8645
  critical
• CVE-2015-8459
  critical
• CVE-2015-8650
  critical
• CVE-2015-8651
  critical
• CVE-2015-8646
  critical
• CVE-2015-8647
  critical
• CVE-2015-8648
  critical
• CVE-2015-8649
  critical

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com