Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Flash Player < RCE (APSB15-27) (Pawn Storm)



The remote host is running an outdated version of Adobe Flash Player for Internet Explorer that is affected by multiple remote code execution vulnerabilities.


Versions of Adobe Flash Player prior to are unpatched for the following vulnerabilities :

- A type confusion flaw is triggered when handling the 'IExternalizable.writeExternal()' method. (CVE-2015-7645) - Two unspecified type confusion flaws may lead to arbitrary code execution. (CVE-2015-7647, CVE-2015-7648)

These flaws may allow a context-dependent attacker to potentially execute arbitrary code. Successful exploitation could result in a crash or potentially allowing an attacker to take control of the affected system.


Upgrade to Adobe Flash Player version or later. If 19.x cannot be obtained, ESR version has also been patched for these vulnerabilities.