Adobe Flash Player and AIR ASLR Security Restriction Bypass Vulnerability
Release date:
Updated on:
Affected Systems:
Adobe Flash Player < 13.0.0.289
Adobe Flash Player < 11.2.202.460
Adobe Flash Player 14.x-17.x
Adobe AIR < 17.0.0.172
Description:
Bugtraq ID: 74613
CVE (CAN) ID: CVE-2015-3091, CVE-2015-3092
Adobe Flash Player is an integrated multimedia player. Adobe AIR is a technology that combines network and desktop applications; it lets users work with cloud programs on the network without a browser.
Adobe Flash Player and AIR do not properly restrict access to memory addresses, which results in a security restriction bypass vulnerability. Attackers can exploit this vulnerability to bypass the ASLR protection mechanism.
<* Source: Jihui Lu
Link: https://helpx.adobe.com/security/products/flash-player/apsb15-09.html
*>
Suggestion:
Vendor patch:
Adobe
-----
Adobe has released a security bulletin (APSB15-09) and patches for this issue:
APSB15-09: Security updates available for Adobe Flash Player
Link: https://helpx.adobe.com/security/products/flash-player/apsb15-09.html
Patch download:
http://www.adobe.com/go/getflash
http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html