Use-after-free Vulnerability in Adobe Flash Player and Adobe AIR Products
CVE-2015-7660

Currently unrated

Key Information:

Vendor: Adobe
Status: Air Sdk; Air Sdk \& Compiler
Vendor: CVE Published:; 11 November 2015

What is CVE-2015-7660?

A use-after-free vulnerability exists in Adobe Flash Player and Adobe AIR that allows attackers to execute arbitrary code through crafted setMask arguments. This issue affects various versions across platforms, and successful exploitation may compromise the affected system. Users and administrators are advised to update to the latest versions to mitigate potential risks.

References

http://www.securitytracker.com/id/1034111

vdb-entryx_refsource_SECTRACK

http://rhn.redhat.com/errata/RHSA-2015-2024.html

vendor-advisoryx_refsource_REDHAT

https://helpx.adobe.com/security/products/flash-player/ap...

x_refsource_CONFIRM

EPSS Score

5% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2015
Vulnerability Reserved
Oct 1, 2015