Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10679
HistoryOct 13, 2015 - 12:00 a.m.

KLA10679 Multiple vulnerabilities in Adobe Flash Player & AIR

2015-10-1300:00:00
Kaspersky Lab
threats.kaspersky.com
29

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.3 High

AI Score

Confidence

Low

0.113 Low

EPSS

Percentile

95.2%

JSON

Multiple serious vulnerabilities have been found in Adobe Flash Player & AIR. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions or execute arbitrary code.

Below is a complete list of vulnerabilities

  1. An unknown vulnerability can be exploited to execute arbitrary code or bypass same origin policy via a specially designed Loader object and other unknown vectors;
  2. Improper API implementation can be exploited via an unknown vectors.

Technical details

(1) can be exploited via a Loader object with specially designed loaderBytes property.

Original advisories

Adobe bulletin

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Adobe-Flash-Player-ActiveX

Adobe-AIR

Adobe-Flash-Player-NPAPI

Adobe-Flash-Player-PPAPI

CVE list

CVE-2015-7627 critical

CVE-2015-7628 critical

CVE-2015-7637 critical

CVE-2015-7636 critical

CVE-2015-7644 critical

CVE-2015-7635 critical

CVE-2015-5569 critical

CVE-2015-7625 critical

CVE-2015-7626 critical

CVE-2015-7630 critical

CVE-2015-7629 critical

CVE-2015-7643 critical

CVE-2015-7631 critical

CVE-2015-7641 critical

CVE-2015-7633 critical

CVE-2015-7639 critical

CVE-2015-7640 critical

CVE-2015-7638 critical

CVE-2015-7634 critical

CVE-2015-7632 critical

CVE-2015-7642 critical

Solution

Update to the latest versionGet AIR

Get Flash Player

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

  • Adobe Flash Player versions earlier than 19.0.0.207Adobe Flash Player Extended Support Release versions earlier than 18.0.0.252Adobe Flash Player for Linux versions earlier than 11.2.202.535Adobe AIR versions earlier than 19.0.0.213

Related

openvas 8
nessus 14
altlinux 2
suse 4
freebsd 1
redhat 2
mageia 1
archlinux 1
prion 21
cve 21
ubuntucve 21
nvd 21
cvelist 21
checkpoint_advisories 8
gentoo 1
jvn 1
zdi 4
symantec 1
openvas
openvas
Adobe Air Multiple Vulnerabilities -01 (Oct 2015) - Windows
2015-10-16 00:00:00
Adobe Air Multiple Vulnerabilities -01 (Oct 2015) - Mac OS X
2015-10-16 00:00:00
Adobe Flash Player Multiple Vulnerabilities - 01 (Oct 2015) - Linux
2015-10-16 00:00:00
nessus
nessus
Adobe AIR < 19.0.0.213 Multiple Vulnerabilities (APSB15-25)
2015-10-21 00:00:00
Flash Player < 19.0.0.207 Multiple Vulnerabilities (APSB15-25)
2015-10-21 00:00:00
RHEL 6 : flash-plugin (RHSA-2015:1893)
2015-10-15 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt54
2015-10-14 00:00:00
Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt54
2015-10-14 00:00:00
suse
suse
Security update for Adobe Flash Player (important)
2015-10-14 18:09:47
Security update for flash-player (important)
2015-10-14 17:11:22
Security update for flash-player (important)
2015-10-14 17:10:32
freebsd
freebsd
flash -- multiple vulnerabilities
2015-10-13 00:00:00
redhat
redhat
(RHSA-2015:1893) Critical: flash-plugin security update
2015-10-15 00:00:00
(RHSA-2015:2024) Critical: flash-plugin security update
2015-11-11 00:00:00
mageia
mageia
Updated flash-player-plugin packages fixes security vulnerabilities
2015-10-14 08:55:15
archlinux
archlinux
flashplugin: multiple issues
2015-10-14 00:00:00
prion
prion
Design/Logic Flaw
2015-10-18 10:59:00
Design/Logic Flaw
2015-10-18 10:59:00
Design/Logic Flaw
2015-10-18 10:59:00
cve
cve
CVE-2015-7641
2015-10-18 10:59:11
CVE-2015-7640
2015-10-18 10:59:10
CVE-2015-7642
2015-10-18 10:59:12
ubuntucve
ubuntucve
CVE-2015-7636
2015-10-18 00:00:00
CVE-2015-7639
2015-10-18 00:00:00
CVE-2015-7641
2015-10-18 00:00:00
nvd
nvd
CVE-2015-7640
2015-10-18 10:59:10
CVE-2015-7636
2015-10-18 10:59:06
CVE-2015-7637
2015-10-18 10:59:07
cvelist
cvelist
CVE-2015-7639
2015-10-18 10:00:00
CVE-2015-7640
2015-10-18 10:00:00
CVE-2015-7637
2015-10-18 10:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player Memory Corruption (APSB15-25: CVE-2015-7625; CVE-2015-7626)
2015-10-29 00:00:00
Adobe Flash Player Security Bypass (APSB15-25: CVE-2015-7628)
2015-10-29 00:00:00
Adobe Flash Player Memory Corruption (APSB15-25: CVE-2015-7633)
2015-10-29 00:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2015-11-17 00:00:00
jvn
jvn
JVN#22533124: Adobe Flash Player issue where iframe contents may be overwritten
2015-12-17 00:00:00
zdi
zdi
Adobe Flash TextFormat tabStops Use-After-Free Remote Code Execution Vulnerability
2015-10-13 00:00:00
Adobe Flash Loader loadBytes Buffer Overflow Remote Code Execution Vulnerability
2015-10-13 00:00:00
Adobe Flash TextLine validity Use-After-Free Remote Code Execution Vulnerability
2015-10-13 00:00:00
symantec
symantec
Adobe Flash Player and AIR CVE-2015-7632 Buffer Overflow Vulnerability
2015-10-13 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

8.3 High

AI Score

Confidence

Low

0.113 Low

EPSS

Percentile

95.2%

JSON
Related for KLA10679
openvas8nessus14altlinux2suse4freebsd1redhat2mageia1archlinux1prion21cve21ubuntucve21nvd21cvelist21checkpoint_advisories8gentoo1jvn1zdi4symantec1