Use-after-free vulnerability in Adobe Flash Player and Adobe AIR
CVE-2015-7644

Currently unrated

Key Information:

Vendor: Adobe
Status: Air; Air Sdk; Air Sdk \& Compiler
Vendor: CVE Published:; 15 October 2015

Summary

A use-after-free vulnerability in Adobe Flash Player prior to version 18.0.0.252 and 19.x prior to 19.0.0.207, as well as Adobe AIR and associated SDK versions prior to 19.0.0.213, could allow attackers to exploit the uninitialized memory to execute arbitrary code on affected systems. This exploitation occurs via unspecified vectors, which differ from other vulnerabilities identified in related CVEs. It is crucial for users and organizations to update their software to mitigate the risks associated with this vulnerability.

References

http://rhn.redhat.com/errata/RHSA-2015-2024.html

vendor-advisoryx_refsource_REDHAT

http://lists.opensuse.org/opensuse-security-announce/2015...

vendor-advisoryx_refsource_SUSE

http://www.securityfocus.com/bid/77061

vdb-entryx_refsource_BID

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 15, 2015
Vulnerability Reserved
Oct 1, 2015