Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10574
HistoryMay 12, 2015 - 12:00 a.m.

KLA10574 Multiple vulnerabilities in Adobe Flash Player

2015-05-1200:00:00
Kaspersky Lab
threats.kaspersky.com
44

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.2 High

AI Score

Confidence

High

0.974 High

EPSS

Percentile

99.9%

JSON

Multiple serious vulnerabilities have been found in Adobe products. Malicious users can exploit these vulnerabilities to write local files, bypass security restrictions, execute arbitrary code or obtain sensitive information.

Below is a complete list of vulnerabilities

  1. Memory corruption, heap overflow, integer overflow, type confusion, use after free and memory leak can be exploited remotely via an unknown vectors;
  2. Race condition can be exploited remotely via vectors related to Internet Explorer;
  3. Unknown vulnerabilities can be exploited remotely via an unknown vectors.

Original advisories

Adobe bulletin

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Adobe-Flash-Player-ActiveX

Adobe-AIR

Adobe-Flash-Player-NPAPI

Adobe-Flash-Player-PPAPI

CVE list

CVE-2015-3044 critical

CVE-2015-3089 critical

CVE-2015-3088 critical

CVE-2015-3084 critical

CVE-2015-3086 critical

CVE-2015-3091 critical

CVE-2015-3078 critical

CVE-2015-3079 critical

CVE-2015-3080 critical

CVE-2015-3081 warning

CVE-2015-3092 critical

CVE-2015-3090 critical

CVE-2015-3087 critical

CVE-2015-3077 critical

CVE-2015-3085 high

CVE-2015-3083 high

CVE-2015-3082 high

CVE-2015-3093 critical

Solution

Update to the latest versionGet AIR

Get Flash Player

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • WLF

Write Local Files. Exploitation of vulnerabilities with this impact can lead to writing into some inaccessible files. Files that can be read depends on concrete program errors.

Affected Products

  • Adobe Flash Player versions earlier than 17.0.0.188 for OS X and WindowsAdobe Flash Player ESR versions earlier than 13.0.0.289Adobe Flash Player versions earlier than 11.2.202.460 for LinuxAdobe AIR runtime, SDK and Compiler versions earlier than 17.0.0.172

Related

nessus 28
suse 7
freebsd 2
openvas 15
altlinux 4
mageia 2
kaspersky 2
securityvulns 1
redhat 2
gentoo 2
ubuntucve 18
prion 18
cvelist 18
cve 18
nvd 18
checkpoint_advisories 17
hackerone 2
zdt 7
zdi 1
packetstorm 1
metasploit 1
googleprojectzero 2
exploitdb 1
threatpost 1
archlinux 1
nessus
nessus
Google Chrome < 42.0.2311.152 Multiple Vulnerabilities (Mac OS X)
2015-05-12 00:00:00
Google Chrome < 42.0.2311.152 Multiple Vulnerabilities
2015-06-16 00:00:00
MS KB3061904: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
2015-05-12 00:00:00
suse
suse
Security update for flash-player (important)
2015-05-14 20:04:55
Security update for flash-player (important)
2015-05-19 17:04:53
Security update for flash-player (important)
2015-05-16 00:05:04
freebsd
freebsd
Adobe Flash Player -- critical vulnerabilities
2015-05-12 00:00:00
Adobe Flash Player -- critical vulnerabilities
2015-04-14 00:00:00
openvas
openvas
Adobe Flash Player Multiple Vulnerabilities - 01 (May 2015) - Windows
2015-05-15 00:00:00
Adobe Air Multiple Vulnerabilities - 01 (May 2015) - Windows
2015-05-15 00:00:00
Adobe Flash Player Multiple Vulnerabilities - 01 (May 2015) - Mac OS X
2015-05-15 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt44
2015-05-15 00:00:00
Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt44
2015-05-15 00:00:00
Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt43
2015-04-15 00:00:00
mageia
mageia
Updated flash-player-plugin packages fix security vulnerabilities
2015-05-12 22:37:48
Updated flash-player-plugin packages fix security vulnerabilities
2015-04-15 12:01:28
kaspersky
kaspersky
KLA10576 Flash Player update for Google Chrome
2015-05-12 00:00:00
KLA10547 Multiple vulnerabilities in Adobe Flash Player
2015-04-14 00:00:00
securityvulns
securityvulns
Adobe Flash Player multiple security vulnerabilities
2015-05-13 00:00:00
redhat
redhat
(RHSA-2015:1005) Critical: flash-plugin security update
2015-05-13 00:00:00
(RHSA-2015:0813) Critical: flash-plugin security update
2015-04-15 00:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2015-05-31 00:00:00
Adobe Flash Player: Multiple vulnerabilities
2015-04-17 00:00:00
ubuntucve
ubuntucve
CVE-2015-3089
2015-05-13 00:00:00
CVE-2015-3093
2015-05-13 00:00:00
CVE-2015-3090
2015-05-13 00:00:00
prion
prion
Memory corruption
2015-05-13 11:00:00
Memory corruption
2015-05-13 11:00:00
Memory corruption
2015-05-13 11:00:00
cvelist
cvelist
CVE-2015-3089
2015-05-13 10:00:00
CVE-2015-3093
2015-05-13 10:00:00
CVE-2015-3090
2015-05-13 10:00:00
cve
cve
CVE-2015-3078
2015-05-13 11:00:11
CVE-2015-3090
2015-05-13 11:00:21
CVE-2015-3093
2015-05-13 11:00:23
nvd
nvd
CVE-2015-3089
2015-05-13 11:00:20
CVE-2015-3090
2015-05-13 11:00:21
CVE-2015-3093
2015-05-13 11:00:23
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player Validation Bypass (APSB15-09: CVE-2015-3085; CVE-2015-3082)
2015-06-02 00:00:00
Adobe Flash Player Memory Leak (APSB15-09: CVE-2015-3091)
2015-06-09 00:00:00
Adobe Flash Player Integer Overflow (APSB15-09: CVE-2015-3087)
2015-06-02 00:00:00
hackerone
hackerone
Internet Bug Bounty: Internet-based attacker can run Flash apps in local sandboxes by using special URL schemes (PSIRT-3299, CVE-2015-3079)
2015-06-30 14:33:56
Internet Bug Bounty: Flash Player information disclosure (etc.) CVE-2015-3044, PSIRT-3298
2015-05-21 19:39:15
zdt
zdt
Flash Player Integer Overflow in Function.apply Exploit
2015-08-19 00:00:00
Flash AVSS.setSubscribedTags Use After Free Memory Corruption Exploit
2015-08-19 00:00:00
Flash Broker-Based Sandbox Escape via Forward Slash Instead of Backslash Exploit
2015-08-19 00:00:00
zdi
zdi
(Pwn2Own) Adobe Flash Player BrokerCreateFile Broker Method Path Traversal Sandbox Escape Vulnerability
2015-05-12 00:00:00
packetstorm
packetstorm
Adobe Flash Player ShaderJob Buffer Overflow
2015-06-19 00:00:00
metasploit
metasploit
Adobe Flash Player ShaderJob Buffer Overflow
2015-06-18 17:36:14
googleprojectzero
googleprojectzero
One Perfect Bug: Exploiting Type Confusion in Flash
2015-07-20 00:00:00
Attacking ECMAScript Engines with Redefinition
2015-08-17 00:00:00
exploitdb
exploitdb
Adobe Flash Player - ShaderJob Buffer Overflow (Metasploit)
2015-06-24 00:00:00
threatpost
threatpost
Angler Exploit Kit Exploiting New Adobe Vulnerability, Dropping Cryptowall 3.0
2015-05-28 13:57:47
archlinux
archlinux
flashplugin: multiple issues
2015-04-17 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.2 High

AI Score

Confidence

High

0.974 High

EPSS

Percentile

99.9%

JSON
Related for KLA10574
nessus28suse7freebsd2openvas15altlinux4mageia2kaspersky2securityvulns1redhat2gentoo2ubuntucve18prion18cvelist18cve18nvd18checkpoint_advisories17hackerone2zdt7zdi1packetstorm1metasploit1googleprojectzero2exploitdb1threatpost1archlinux1