Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.
1) An error when parsing ActionScript can be exploited to corrupt memory.
2) An unspecified error can be exploited to cause a stack-based buffer overflow.
3) An integer overflow error can be exploited to corrupt memory.
4) An error within NPSWF32.dll when parsing certain tags can be exploited to corrupt memory.
5) An error in the "SoundMixer.computeSpectrum()" method can be exploited to bypass the same-origin policy.
6) Unspecified errors related to "null dereference" may reportedly allow code execution.
7) An unspecified error in the installer allows planting a binary file and may allow execution of arbitrary code.
The vulnerabilities are reported in the following versions:
* Adobe Flash Player 18.104.22.168 and earlier for Windows, Macintosh and Linux
* Adobe Flash Player 22.214.171.124 and earlier for Android 4.x
* Adobe Flash Player 126.96.36.199 and earlier for Android 3.x and 2.x
* Adobe AIR 188.8.131.520 and earlier for Windows, Macintosh and Android
Provided and/or discovered by: 1) wushi of team509 via iDefense VCP.
4) Kai Lu, Fortinet's FortiGuard Labs.
5) Mitsuaki Shiraishi, Symantec Japan via JPCERT/CC.
The vendor credits:
2) Manuel Caballero, Microsoft Vulnerability Research (MSVR).
3) Haifei Li, Microsoft Malware Protection Center (MMPC) and Microsoft Vulnerability Research (MSVR).
6) Tavis Ormandy, Google Security Team.
7) An anonymous person.
Original Advisory: Adobe:
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: Adobe Flash Player Multiple Vulnerabilities
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.