Use-after-free Vulnerability in Adobe Flash Player and Adobe AIR
CVE-2015-8403

Currently unrated

Key Information:

Vendor: Adobe
Status: Air
Vendor: CVE Published:; 10 December 2015

Summary

A use-after-free vulnerability exists in Adobe Flash Player and Adobe AIR, which can enable attackers to execute arbitrary code on affected systems. This vulnerability affects multiple versions of Flash Player on different platforms, including Windows, OS X, and Linux, as well as various iterations of Adobe AIR. Attackers can exploit this flaw via unspecified vectors, leading to potential unauthorized access and control over vulnerable installations.

References

http://lists.opensuse.org/opensuse-security-announce/2015...

vendor-advisoryx_refsource_SUSE

https://helpx.adobe.com/security/products/flash-player/ap...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/78715

vdb-entryx_refsource_BID

EPSS Score

17% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 10, 2015
Vulnerability Reserved
Dec 2, 2015