Use-after-free Vulnerability in Adobe Flash Player and Adobe AIR
CVE-2015-8050

Currently unrated

Key Information:

Vendor: Adobe
Status: Air
Vendor: CVE Published:; 10 December 2015

Summary

A use-after-free vulnerability exists in the MovieClip object implementation of Adobe Flash Player and Adobe AIR, prior to specified versions. This flaw allows attackers to execute arbitrary code by leveraging a crafted beginGradientFill call. Successful exploitation could lead to compromised systems, allowing for unauthorized access and execution of malicious code.

References

http://lists.opensuse.org/opensuse-security-announce/2015...

vendor-advisoryx_refsource_SUSE

https://helpx.adobe.com/security/products/flash-player/ap...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/78715

vdb-entryx_refsource_BID

EPSS Score

10% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 10, 2015
Vulnerability Reserved
Nov 2, 2015