Integer Overflow Vulnerability in Adobe Flash Player and AIR
CVE-2015-8445

Currently unrated

Key Information:

Vendor: Adobe
Status: Air Sdk; Air Sdk \& Compiler
Vendor: CVE Published:; 10 December 2015

Summary

The vulnerability arises from an integer overflow in the Shader filter implementation within Adobe Flash Player and Adobe AIR. This flaw allows attackers to exploit a large BitmapData source object, potentially leading to arbitrary code execution on affected systems. It impacts multiple versions of Flash Player on Windows and OS X, along with versions of Adobe AIR prior to the specified updates. Users are strongly urged to update their Adobe software to safeguard against this vulnerability.

References

http://lists.opensuse.org/opensuse-security-announce/2015...

vendor-advisoryx_refsource_SUSE

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/do...

x_refsource_CONFIRM

https://helpx.adobe.com/security/products/flash-player/ap...

x_refsource_CONFIRM

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 10, 2015
Vulnerability Reserved
Dec 2, 2015