Vulnerabilities > CVE-2015-5561 - Use After Free Remote Code Execution vulnerability in Adobe Flash Player and AIR APSB15-19

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
adobe
apple
microsoft
linux
critical
nessus
exploit available

Summary

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565. <a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a>

Vulnerable Configurations

Part Description Count
Application
Adobe
402
OS
Apple
1
OS
Microsoft
1
OS
Linux
1

Exploit-Db

descriptionAdobe Flash AS2 Use-After-Free in TextField.filters. CVE-2015-5561. Dos exploit for windows platform
idEDB-ID:37883
last seen2016-02-04
modified2015-08-19
published2015-08-19
reporterbilou
sourcehttps://www.exploit-db.com/download/37883/
titleAdobe Flash AS2 Use-After-Free in TextField.filters

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-1603.NASL
    descriptionAn updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-19 listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562, CVE-2015-5563, CVE-2015-5564) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.508.
    last seen2020-06-01
    modified2020-06-02
    plugin id85372
    published2015-08-13
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85372
    titleRHEL 5 / 6 : flash-plugin (RHSA-2015:1603)
  • NASL familyWindows
    NASL idSMB_KB3087916.NASL
    descriptionThe remote Windows host is missing KB3087916. It is, therefore, affected by multiple remote code execution vulnerabilities : - Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562) - An unspecified vulnerability exists related to vector length corruptions. (CVE-2015-5125) - Multiple user-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5564, CVE-2015-5565, CVE-2015-5566) - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5129, CVE-2015-5541) - Multiple buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133) - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553) - An integer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-5560)
    last seen2020-06-01
    modified2020-06-02
    plugin id85329
    published2015-08-11
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85329
    titleMS KB3087916: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
  • NASL familyWindows
    NASL idGOOGLE_CHROME_44_0_2403_155.NASL
    descriptionThe version of Google Chrome installed on the remote Windows host is prior to 44.0.2403.155. It is, therefore, affected by multiple vulnerabilities : - Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562) - An unspecified vulnerability exists related to vector length corruptions. (CVE-2015-5125) - Multiple user-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5564, CVE-2015-5565, CVE-2015-5566) - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5129, CVE-2015-5541) - Multiple buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133) - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553) - An integer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-5560)
    last seen2020-06-01
    modified2020-06-02
    plugin id85567
    published2015-08-20
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85567
    titleGoogle Chrome < 44.0.2403.155 Multiple Vulnerabilities
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201508-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201508-01 (Adobe Flash Player: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id86089
    published2015-09-23
    reporterThis script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86089
    titleGLSA-201508-01 : Adobe Flash Player: Multiple vulnerabilities
  • NASL familyWindows
    NASL idADOBE_AIR_APSB15-19.NASL
    descriptionAccording to its version, the installation of Adobe AIR on the remote Windows host is equal or prior to 18.0.0.180. It is, therefore, affected by multiple vulnerabilities : - Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562) - An unspecified vulnerability exists related to vector length corruptions. (CVE-2015-5125) - Multiple user-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5564, CVE-2015-5565, CVE-2015-5566) - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5129, CVE-2015-5541) - Multiple buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133) - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553) - An integer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-5560)
    last seen2020-06-01
    modified2020-06-02
    plugin id85325
    published2015-08-11
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85325
    titleAdobe AIR <= 18.0.0.180 Multiple Vulnerabilities (APSB15-19)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-546.NASL
    description - Security update to 11.2.202.508 (bsc#941239) : - APSB15-19: CVE-2015-3107, CVE-2015-5124, CVE-2015-5125, CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562, CVE-2015-5563
    last seen2020-06-05
    modified2015-08-17
    plugin id85435
    published2015-08-17
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85435
    titleopenSUSE Security Update : flash-player (openSUSE-2015-546)
  • NASL familyWindows
    NASL idFLASH_PLAYER_APSB15-19.NASL
    descriptionThe version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 18.0.0.209. It is, therefore, affected by the following vulnerabilities : - Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562) - An unspecified vulnerability exists related to vector length corruptions. (CVE-2015-5125) - Multiple user-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5564, CVE-2015-5565, CVE-2015-5566) - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5129, CVE-2015-5541) - Multiple buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133) - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553) - An integer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-5560)
    last seen2020-06-01
    modified2020-06-02
    plugin id85326
    published2015-08-11
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85326
    titleAdobe Flash Player <= 18.0.0.209 Multiple Vulnerabilities (APSB15-19)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FLASH_PLAYER_APSB15-19.NASL
    descriptionThe version of Adobe Flash Player installed on the remote Mac OS X host is equal or prior to version 18.0.0.209. It is, therefore, affected by multiple vulnerabilities : - Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562) - An unspecified vulnerability exists related to vector length corruptions. (CVE-2015-5125) - Multiple user-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5564, CVE-2015-5565, CVE-2015-5566) - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5129, CVE-2015-5541) - Multiple buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133) - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553) - An integer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-5560)
    last seen2020-06-01
    modified2020-06-02
    plugin id85328
    published2015-08-11
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85328
    titleAdobe Flash Player <= 18.0.0.209 Multiple Vulnerabilities (APSB15-19) (Mac OS X)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_GOOGLE_CHROME_44_0_2403_155.NASL
    descriptionThe version of Google Chrome installed on the remote Mac OS X host is prior to 44.0.2403.155. It is, therefore, affected by multiple vulnerabilities : - Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562) - An unspecified vulnerability exists related to vector length corruptions. (CVE-2015-5125) - Multiple user-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5564, CVE-2015-5565, CVE-2015-5566) - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5129, CVE-2015-5541) - Multiple buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133) - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553) - An integer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-5560)
    last seen2020-06-01
    modified2020-06-02
    plugin id85568
    published2015-08-20
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85568
    titleGoogle Chrome < 44.0.2403.155 Multiple Vulnerabilities (Mac OS X)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1373-1.NASL
    descriptionThis security update to 11.2.202.508 (bsc#941239) fixes the following issues : - APSB15-19: CVE-2015-3107, CVE-2015-5124, CVE-2015-5125, CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562, CVE-2015-5563 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id85377
    published2015-08-13
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85377
    titleSUSE SLED11 Security Update : flash-player (SUSE-SU-2015:1373-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1374-1.NASL
    descriptionThis security update to 11.2.202.508 (bsc#941239) fixes the following issues : - APSB15-19: CVE-2015-3107, CVE-2015-5124, CVE-2015-5125, CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562, CVE-2015-5563 Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id85378
    published2015-08-13
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85378
    titleSUSE SLED12 Security Update : flash-player (SUSE-SU-2015:1374-1)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-545.NASL
    descriptionSecurity update to 11.2.202.508 (bsc#941239) : - APSB15-19: CVE-2015-3107, CVE-2015-5124, CVE-2015-5125, CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562, CVE-2015-5563
    last seen2020-06-05
    modified2015-08-17
    plugin id85434
    published2015-08-17
    reporterThis script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85434
    titleopenSUSE Security Update : flash-player (openSUSE-2015-545)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_ADOBE_AIR_APSB15-19.NASL
    descriptionAccording to its version, the installation of Adobe AIR on the remote Mac OS X host is equal or prior to 18.0.0.180. It is, therefore, affected by multiple vulnerabilities : - Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562) - An unspecified vulnerability exists related to vector length corruptions. (CVE-2015-5125) - Multiple user-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5564, CVE-2015-5565, CVE-2015-5566) - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5129, CVE-2015-5541) - Multiple buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133) - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553) - An integer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-5560)
    last seen2020-06-01
    modified2020-06-02
    plugin id85327
    published2015-08-11
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85327
    titleAdobe AIR for Mac <= 18.0.0.180 Multiple Vulnerabilities (APSB15-16)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL
    descriptionAdobe reports : Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562). These updates include further hardening to a mitigation introduced in version 18.0.0.209 to defend against vector length corruptions (CVE-2015-5125). These updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5124, CVE-2015-5564). These updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-5129, CVE-2015-5541). These updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133). These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553). These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-5560).
    last seen2020-06-01
    modified2020-06-02
    plugin id85370
    published2015-08-13
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/85370
    titleFreeBSD : Adobe Flash Player -- critical vulnerabilities (f3778328-d288-4b39-86a4-65877331eaf7)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/133162/flashas2-uaf.txt
idPACKETSTORM:133162
last seen2016-12-05
published2015-08-19
reporterbilou
sourcehttps://packetstormsecurity.com/files/133162/Adobe-Flash-AS2-Use-After-Free-In-TextField.filters.html
titleAdobe Flash AS2 Use-After-Free In TextField.filters

Redhat

advisories
rhsa
idRHSA-2015:1603
rpms
  • flash-plugin-0:11.2.202.508-1.el5
  • flash-plugin-0:11.2.202.508-1.el6_7