Multiple Vulnerabilities in Adobe Flash Player and Adobe AIR

  • Multiple Vulnerabilities in Adobe Flash Player and Adobe AIR


    Severity Rating: HIGH

    Component Affected

    Adobe Flash Player 12.0.0.77 and earlier versions for Windows and Macintosh
    Adobe Flash Player 11.2.202.346 and earlier versions for Linux
    Adobe AIR 4.0.0.1628 and earlier versions for Android
    Adobe AIR 4.0.0.1628 SDK and earlier versions
    Adobe AIR 4.0.0.1628 SDK & Compiler and earlier versions

    Overview

    Multiple vulnerabilities have been reported in Adobe Flash Player and Adobe AIR which could be exploited by remote attackers to disclose sensitive information, execute arbitrary code and take complete control of the affected system.

    Description

    1. Use-after-free vulnerability

    This issue occurs due to a use-after-free vulnerability in Adobe Flash Player and Adobe AIR. A remote attacker could exploit this vulnerability to execute arbitrary code and bypass the Internet Explorer sandbox protection mechanism. Successful exploitation could allow remote attackers to take complete control of the target system.

    2. Buffer Overflow Vulnerability

    This vulnerability occurs due to a buffer overflow error in Adobe Flash Player and Adobe AIR. A remote attacker could exploit this vulnerability by enticing users to open specially crafted Flash content. Successful exploitation of this vulnerability could result in execution of arbitrary code and complete system compromise.

    3. Information Disclosure Vulnerability

    A security bypass vulnerability has been reported in Adobe Flash Player and Adobe AIR, which could allow a remote attacker to bypass intended access restrictions and obtain potentially sensitive information. A remote attacker could exploit this vulnerability by enticing users to open specially crafted Flash content.

    4. Cross-Site Scripting Vulnerability

    A cross-site scripting (XSS) vulnerability has been reported in Adobe Flash Player and Adobe AIR which could allow remote attackers to inject arbitrary web script or HTML code. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to access the target user's cookies, including authentication cookies, access recently submitted form data and take actions on the site on behalf of the target user.


    Solution

    Apply appropriate updates as mentioned in APSB14-09 http://helpx.adobe.com/security/prod...apsb14-09.html

    Vendor Information

    Adobe
    http://helpx.adobe.com/security/prod...apsb14-09.html


    References

    Secunia
    http://secunia.com/advisories/57679/


    Secure List
    http://www.securelist.com/en/advisories/57679


    Security Tracker
    http://securitytracker.com/id/1030035

  • #2
    Multiple Vulnerabilities in Adobe Flash Player and Adobe AIR

    Severity Rating: High

    Components Affected
    • Adobe Flash Player 13.0.0.214 and earlier versions for Windows and Macintosh
    • Adobe Flash Player 11.2.202.359 and earlier versions for Linux
    • Adobe AIR 13.0.0.111 SDK and earlier versions
    • Adobe AIR 13.0.0.111 SDK & Compiler and earlier versions
    • Adobe AIR 13.0.0.111 and earlier versions for Android
    • Adobe AIR 13.0.0.111 and earlier versions for Windows and Macintosh

    Overview
    Multiple vulnerabilities have been reported in Adobe Flash Player and Adobe AIR which could be exploited by remote attackers to conduct cross-site scripting attacks, bypass certain security restrictions or execute arbitrary code on the targeted system.

    Description
    1. Cross-Site Scripting Vulnerabilities
    These vulnerabilities have been reported in Adobe Flash Player and Adobe AIR.
    An unauthenticated remote attacker could exploit these vulnerabilities by enticing a user to visit a malicious webpage and load specially crafted Flash content.
    Successful exploitation of these vulnerabilities allows an attacker to conduct cross-site scripting (XSS) attacks on the targeted system.


    2. Security Bypass Vulnerabilities
    These vulnerabilities exist in Adobe Flash Player and Adobe AIR due to an unspecified error in the “Security Control Handler” component.
    A remote attacker could exploit this vulnerability to bypass security restrictions when a file with specially crafted content is viewed in a browser.

    3. Memory Corruption Vulnerability
    This vulnerability occurs due to an unspecified memory corruption flaw in Adobe Flash Player and Adobe AIR.
    A remote attacker could exploit this vulnerability by creating specially crafted content that, when loaded by the target user, will trigger a memory corruption resulting in execution of arbitrary code on the system with the privileges of the victim or cause the application to crash.


    Solution
    Apply appropriate updates as mentioned in APSB14-16

    Vendor Information

    Adobe
    https://helpx.adobe.com/security/pro...apsb14-16.html

    References
    Secure List
    http://www.securelist.com/en/advisories/58465

    Security Tracker
    http://www.securitytracker.com/id/1030368

    Cisco
    http://tools.cisco.com/security/cent...?alertId=34579
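
A fleet check against the "and earlier versions" ceilings listed in the two posts above, as an added example that is not part of the original posts or of Adobe's bulletins. The product/platform keys, hostnames and inventory rows are constructed; the check compares version fields numerically and per platform, and a version above both ceilings is only clear of these two bulletins.

```python
# Added example. Ceilings are the "and earlier versions" values from the two posts.
CEILINGS = {
    "APSB14-09": {
        ("flash", "windows"): "12.0.0.77", ("flash", "macintosh"): "12.0.0.77",
        ("flash", "linux"): "11.2.202.346", ("air", "android"): "4.0.0.1628",
        ("air-sdk", "any"): "4.0.0.1628",
    },
    "APSB14-16": {
        ("flash", "windows"): "13.0.0.214", ("flash", "macintosh"): "13.0.0.214",
        ("flash", "linux"): "11.2.202.359", ("air", "android"): "13.0.0.111",
        ("air", "windows"): "13.0.0.111", ("air", "macintosh"): "13.0.0.111",
        ("air-sdk", "any"): "13.0.0.111",
    },
}

SAMPLE_INVENTORY = [  # constructed rows: (host, product, platform, version)
    ("ws-01", "flash", "windows", "12.0.0.70"),
    ("ws-02", "flash", "windows", "13.0.0.200"),
    ("lx-01", "flash", "linux", "11.2.202.1000"),  # a string compare would misorder this
    ("lx-02", "flash", "linux", "11.2.202.350"),
    ("ws-03", "flash", "windows", "13.0.0.x"),     # malformed on purpose
]

def parse_version(text):
    """Turn '11.2.202.346' into (11, 2, 202, 346) so fields compare as numbers."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def advisories_for(product, platform, version):
    """Return the bulletins whose ceiling for this product/platform covers the install."""
    installed = parse_version(version)
    hits = []
    for bulletin, table in CEILINGS.items():
        ceiling = table.get((product, platform))
        if ceiling is not None and installed <= parse_version(ceiling):
            hits.append(bulletin)
    return hits

def audit(inventory):
    """Map each host to the bulletins it still needs; unparsable rows go to manual review."""
    report = {}
    for host, product, platform, version in inventory:
        try:
            report[host] = advisories_for(product, platform, version)
        except ValueError:
            report[host] = ["REVIEW"]
    return report
```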
