Integer overflow in Adobe Flash Player prior to 18.0.0.324 and 19.x and 20.x prior to 20.0.0.267 on Windows and OS X and prior to 11.2.202.559 on Linux, Adobe AIR prior to 20.0.0.233, Adobe AIR SDK prior to 20.0.0.233, and Adobe AIR SDK & Compiler prior to 20.0.0.233 allows malicious users to execute arbitrary code via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
adobe air_sdk |
||
adobe air_sdk_\\&_compiler |
||
adobe flash_player |
||
adobe air |
||
adobe flash_player 19.0.0.226 |
||
adobe flash_player 19.0.0.207 |
||
adobe flash_player 20.0.0.235 |
||
adobe flash_player 20.0.0.228 |
||
adobe flash_player 19.0.0.245 |
||
adobe flash_player 19.0.0.185 |
Same group compromised a million users A DAY.
A two-year long, highly sophisticated malvertising campaign infected visitors to some of the most popular news sites in the UK, Australia, and Canada including Channel 9, Sky News, and MSN. Readers of those news sites, just a portion of all affected (since it also affected eBay's UK portal), were infected with modular trojans capable of harvesting account and email credentials, stealing keystrokes, capturing web cam footage, and opening backdoors. The news sites are not at direct fault as they d...
There is no honour among content thieves
Scores of Game of Thrones pirates may have had computers encrypted by ransomware after malvertisers served the dangerous malware through the Pirate Bay during the mega-series' season six première last weekend. MalwareBytes researcher Jerome Segura says the hard-working Magnitude exploit kit authors were able to target pirates after they bought advertising space on the infamous Bittorrent website targeting users with pop-under ads. Magnitude is a hugely successful crimeware offering that allows ...
Rivals stuck with old Adobe exploits
The Angler exploit kit is again sailing the cyber seas and pillaging with impunity, adding one of the more recent machine-hijacking Flash holes to its arsenal. The integration of Adobe Flash vulnerability (CVE-2015-8651) patched last month solidifies Angler's position as the most popular and effective exploit kit on underground criminal markets. Chinese security researcher known as ThreatBook reports the exploit kit is being used in phishing attacks under the so-called DarkHotel campaign. Those ...
Adobe squeezes out one last batch of security fixes for 2015
Adobe has issued new versions of Flash to patch a load of security flaws – one of which is being exploited in the wild. Curiously, that particular vulnerability (CVE-2015-8651) was reported to the Photoshop giant by Kai Wang and Hunter Gao of Huawei's IT security department. Could the Chinese tech goliath have caught miscreants trying to exploit the bug to infect its systems? Adobe said the flaw is being used "in limited, targeted attacks." People should upgrade their installation of Flash –...