Adobe Flash Player And AIR SDK Use After Free Vulnerabilities
22 Feb. 2016
Summary
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code
Credit:
The information has been provided by Anonymous working with HPE's Zero Day Initiative, bilou working with HPE's Zero Day Initiative, Furugawa Nagisa working with HPE's Zero Day Initiative, LMX of Qihoo 360, Natalie Silvanovich of Google Project Zero, Nicolas Joly of Microsoft Security and Yuk.
Vulnerable Systems:
* Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204
Adobe Flash Player and AIR are prone to multiple remote code-execution vulnerabilities. An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.