- Adobe Flash Player 220.127.116.116 and earlier versions
- Adobe Flash Player 18.104.22.1684 and earlier 13.x versions
- Adobe Flash Player 22.214.171.1240 and earlier 11.x versions
Adobe Flash Player is prone to multiple vulnerabilities that could allow for remote code execution. These vulnerabilities are as follows:
- Use-after-free vulnerability that could lead to code execution (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322).
- Memory corruption vulnerabilities that could lead to code execution (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330).
- Type confusion vulnerability that could lead to code execution (CVE-2015-0317, CVE-2015-0319).
- Heap Buffer overflow vulnerabilities that could lead to code execution (CVE-2015-0323, CVE-2015-032).
- Buffer overflow vulnerability that could lead to code execution (CVE-2015-0324).
- A Null pointer dereferencing issue (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328).
Successful exploitation could result in an attacker compromising data security or processing resources in a user's computer.
We recommend the following actions be taken:
- Install the updates provided by Adobe immediately after appropriate testing.
- Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
- Remind users not to open email attachments from unknown users or suspicious emails from trusted sources.
- Limit user account privileges to those required only.
Links not available