Published: 10/12/2015 Updated: 10/09/2017

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Use-after-free vulnerability in Adobe Flash Player prior to 18.0.0.268 and 19.x and 20.x prior to 20.0.0.228 on Windows and OS X and prior to 11.2.202.554 on Linux, Adobe AIR prior to 20.0.0.204, Adobe AIR SDK prior to 20.0.0.204, and Adobe AIR SDK & Compiler prior to 20.0.0.204 allows malicious users to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454.

Vulnerable Product	Search on Vulmon	Subscribe to Product
adobe flash player
adobe flash player 19.0.0.185
adobe flash player 19.0.0.207
adobe flash player 19.0.0.226
adobe flash player 19.0.0.245
adobe air sdk
adobe air sdk & compiler
adobe air

Synopsis Critical: flash-plugin security update Type/Severity Security Advisory: Critical Topic An updated Adobe Flash Player package that fixes multiple security issuesis now available for Red Hat Enterprise Linux 5 and 6 SupplementaryRed Hat Product Security has rated this update as having Critical secur ...

Source: codegooglecom/p/google-security-research/issues/detail?id=568 There is a use-after-free in SoundsetTransform If a transform value is set to an object with valueOf defined, it can free the transform before the values are set A minimal PoC is as follows: thiscreateEmptyMovieClip("my_mc", 1); var my_sound:Sound = new Sound("my_ ...

NVD-CWE-Other https://helpx.adobe.com/security/products/flash-player/apsb15-32.html http://www.securityfocus.com/bid/78715 https://security.gentoo.org/glsa/201601-03 http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.html http://www.securitytracker.com/id/1034318 http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680 https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722 https://www.exploit-db.com/exploits/39072/https://access.redhat.com/errata/RHSA-2015:2593 https://nvd.nist.gov https://www.exploit-db.com/exploits/39072/

CVE-2015-8434

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect