
Flash Player < 19.0.0.226 RCE (APSB15-27) (Pawn Storm)

High

Synopsis

The remote host is running an outdated version of Adobe Flash Player for Internet Explorer that is affected by multiple remote code execution vulnerabilities.

Description

Versions of Adobe Flash Player prior to 19.0.0.226 are unpatched for the following vulnerabilities:

- A type confusion flaw is triggered when handling the 'IExternalizable.writeExternal()' method. (CVE-2015-7645)
- Two unspecified type confusion flaws may lead to arbitrary code execution. (CVE-2015-7647, CVE-2015-7648)

These flaws may allow a context-dependent attacker to execute arbitrary code. Successful exploitation could result in a crash or could allow an attacker to take control of the affected system.

Solution

Upgrade to Adobe Flash Player version 19.0.0.226 or later. If 19.x cannot be obtained, ESR version 18.0.0.255 has also been patched for these vulnerabilities.
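
The following is an added example, not part of the original advisory or of the scanner's own logic: a version check for a software inventory that applies the two fixed builds named above. The hostnames and inventory are constructed, and it assumes any 18.x build at or above 18.0.0.255 is on the patched ESR branch.

```python
# Added example: classify Flash Player version strings against the fixed
# builds named in this advisory (19.0.0.226, and ESR 18.0.0.255).
FIXED_MAIN = (19, 0, 0, 226)
FIXED_ESR = (18, 0, 0, 255)


def parse_version(text):
    """Parse a four-part version into a tuple of ints.

    Commas are accepted as separators as well as dots; anything that is
    not four numeric fields raises ValueError.
    """
    parts = text.strip().replace(",", ".").split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part version: {text!r}")
    return tuple(int(p) for p in parts)


def is_patched(text):
    """Return True if the version is at or above a fixed build.

    Assumption: any 18.x build at or above 18.0.0.255 is on the patched
    ESR branch; every other branch must reach 19.0.0.226.
    """
    v = parse_version(text)
    if v[0] == FIXED_ESR[0]:
        return v >= FIXED_ESR
    return v >= FIXED_MAIN


def audit(inventory):
    """Map each host to 'patched', 'vulnerable' or 'unparseable'."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "patched" if is_patched(version) else "vulnerable"
        except ValueError:
            # Keep unknown values visible instead of silently passing them.
            result[host] = "unparseable"
    return result


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {"ws-01": "19.0.0.207", "ws-02": "19.0.0.226", "ws-03": "18.0.0.252",
          "ws-04": "18,0,0,255", "ws-05": "unknown"}

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(host, status)
```

Hosts reported as 'unparseable' need manual review rather than being counted as patched.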