
Flash Player < 13.0.0.305 / 18.0.0.209 Multiple RCE (APSB15-18)

High

Synopsis

The remote host is running an outdated version of Adobe Flash Player for Internet Explorer that is affected by multiple remote code execution vulnerabilities.

Description

Versions of Adobe Flash Player prior to 18.0.0.209 are outdated and thus unpatched for the following vulnerabilities:

- A use-after-free error exists in the opaqueBackground class in the ActionScript 3 (AS3) implementation. A remote attacker, via specially crafted Flash content, can dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-5122)
- A use-after-free error exists in the BitmapData class in the ActionScript 3 (AS3) implementation. A remote attacker, via specially crafted Flash content, can dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-5123)

Solution

Upgrade to Adobe Flash Player version 18.0.0.209 or later. If 18.x cannot be obtained, 13.0.0.305 has also been patched for these vulnerabilities.
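The version rule above has two branches, so a plain "less than 18.0.0.209" comparison would wrongly flag a patched 13.0.0.305 install. The following is an added example, not part of the original advisory or any scanner's code: it applies the two fixed builds named here to a constructed inventory. The host names, the sample versions and the comma-separated "WIN 18,0,0,203" reporting form are assumptions for illustration.

```python
import re

# Fixed builds named in the advisory (APSB15-18).
FIXED_MAIN = (18, 0, 0, 209)
FIXED_13X = (13, 0, 0, 305)  # patched build on the 13.x branch

# Accepts "18.0.0.203" or "18,0,0,203", optionally prefixed by a platform tag.
_VERSION_RE = re.compile(r"(?:[A-Z]{3}\s+)?(\d+)[.,](\d+)[.,](\d+)[.,](\d+)")

def parse_version(text):
    """Return a 4-tuple of ints, or raise ValueError if the string is not a version."""
    m = _VERSION_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"no four-part version in {text!r}")
    return tuple(int(part) for part in m.groups())

def is_patched(version_text):
    """True if the build is at or above the fixed build for its branch."""
    v = parse_version(version_text)
    if v[0] == 13:
        return v >= FIXED_13X
    # Every other branch has no fix below 18.0.0.209 according to the advisory.
    return v >= FIXED_MAIN

def audit(inventory):
    """Return (host, raw_version, status) for every host that needs attention."""
    findings = []
    for host, raw in inventory:
        try:
            if not is_patched(raw):
                findings.append((host, raw, "vulnerable"))
        except ValueError:
            # Unparseable versions are surfaced rather than silently passed.
            findings.append((host, raw, "unparsed"))
    return findings

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("ws-01", "18.0.0.209"),
    ("ws-02", "WIN 18,0,0,203"),
    ("ws-03", "13.0.0.305"),
    ("ws-04", "13.0.0.302"),
    ("ws-05", "17.0.0.188"),
    ("ws-06", "unknown"),
]

if __name__ == "__main__":
    for host, raw, status in audit(SAMPLE_INVENTORY):
        print(f"{host}: {raw} -> {status}")
```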