Vulnerability Details

Adobe Flash Player Multiple Vulnerabilities Dec15 (Mac OS X)

Published: 2015-12-10 09:26:57
CVE Author: NIST National Vulnerability Database

CVSS Base Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Summary:
This host is installed with Adobe Flash Player and is prone to multiple vulnerabilities.

Detection Method:
Checks if a vulnerable version is present on the target host.

Technical Details:
Multiple flaws exist due to, - Multiple heap buffer overflow vulnerabilities. - Multiple memory corruption vulnerabilities. - Multiple security bypass vulnerabilities. - A stack overflow vulnerability. - A type confusion vulnerability. - An integer overflow vulnerability. - A buffer overflow vulnerability. - Multiple use-after-free vulnerabilities.

Impact:
Successful exploitation will allow attackers to bypass security restrictions and execute arbitrary code on the affected system.

Affected Versions:
Adobe Flash Player version before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Mac OS X.

Recommendations:
Upgrade to Adobe Flash Player version 18.0.0.268 or 20.0.0.228 or later.

Solution Type:
Vendor Patch

Detection Type:
Executable

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2015-8045
https://nvd.nist.gov/vuln/detail/CVE-2015-8047
https://nvd.nist.gov/vuln/detail/CVE-2015-8048
https://nvd.nist.gov/vuln/detail/CVE-2015-8049
https://nvd.nist.gov/vuln/detail/CVE-2015-8050
https://nvd.nist.gov/vuln/detail/CVE-2015-8418
https://nvd.nist.gov/vuln/detail/CVE-2015-8454
https://nvd.nist.gov/vuln/detail/CVE-2015-8455
https://nvd.nist.gov/vuln/detail/CVE-2015-8055
https://nvd.nist.gov/vuln/detail/CVE-2015-8056
https://nvd.nist.gov/vuln/detail/CVE-2015-8057
https://nvd.nist.gov/vuln/detail/CVE-2015-8058
https://nvd.nist.gov/vuln/detail/CVE-2015-8059
https://nvd.nist.gov/vuln/detail/CVE-2015-8060
https://nvd.nist.gov/vuln/detail/CVE-2015-8061
https://nvd.nist.gov/vuln/detail/CVE-2015-8062
https://nvd.nist.gov/vuln/detail/CVE-2015-8063
https://nvd.nist.gov/vuln/detail/CVE-2015-8064
https://nvd.nist.gov/vuln/detail/CVE-2015-8065
https://nvd.nist.gov/vuln/detail/CVE-2015-8066
https://nvd.nist.gov/vuln/detail/CVE-2015-8067
https://nvd.nist.gov/vuln/detail/CVE-2015-8068
https://nvd.nist.gov/vuln/detail/CVE-2015-8069
https://nvd.nist.gov/vuln/detail/CVE-2015-8070
https://nvd.nist.gov/vuln/detail/CVE-2015-8071
https://nvd.nist.gov/vuln/detail/CVE-2015-8401
https://nvd.nist.gov/vuln/detail/CVE-2015-8402
https://nvd.nist.gov/vuln/detail/CVE-2015-8403
https://nvd.nist.gov/vuln/detail/CVE-2015-8404
https://nvd.nist.gov/vuln/detail/CVE-2015-8405
https://nvd.nist.gov/vuln/detail/CVE-2015-8406
https://nvd.nist.gov/vuln/detail/CVE-2015-8407
https://nvd.nist.gov/vuln/detail/CVE-2015-8408
https://nvd.nist.gov/vuln/detail/CVE-2015-8409
https://nvd.nist.gov/vuln/detail/CVE-2015-8410
https://nvd.nist.gov/vuln/detail/CVE-2015-8411
https://nvd.nist.gov/vuln/detail/CVE-2015-8412
https://nvd.nist.gov/vuln/detail/CVE-2015-8413
https://nvd.nist.gov/vuln/detail/CVE-2015-8414
https://nvd.nist.gov/vuln/detail/CVE-2015-8415
https://nvd.nist.gov/vuln/detail/CVE-2015-8416
https://nvd.nist.gov/vuln/detail/CVE-2015-8417
https://nvd.nist.gov/vuln/detail/CVE-2015-8419
https://nvd.nist.gov/vuln/detail/CVE-2015-8420
https://nvd.nist.gov/vuln/detail/CVE-2015-8421
https://nvd.nist.gov/vuln/detail/CVE-2015-8422
https://nvd.nist.gov/vuln/detail/CVE-2015-8423
https://nvd.nist.gov/vuln/detail/CVE-2015-8424
https://nvd.nist.gov/vuln/detail/CVE-2015-8425
https://nvd.nist.gov/vuln/detail/CVE-2015-8426
https://nvd.nist.gov/vuln/detail/CVE-2015-8427
https://nvd.nist.gov/vuln/detail/CVE-2015-8428
https://nvd.nist.gov/vuln/detail/CVE-2015-8429
https://nvd.nist.gov/vuln/detail/CVE-2015-8430
https://nvd.nist.gov/vuln/detail/CVE-2015-8431
https://nvd.nist.gov/vuln/detail/CVE-2015-8432
https://nvd.nist.gov/vuln/detail/CVE-2015-8433
https://nvd.nist.gov/vuln/detail/CVE-2015-8434
https://nvd.nist.gov/vuln/detail/CVE-2015-8435
https://nvd.nist.gov/vuln/detail/CVE-2015-8436
https://nvd.nist.gov/vuln/detail/CVE-2015-8437
https://nvd.nist.gov/vuln/detail/CVE-2015-8438
https://nvd.nist.gov/vuln/detail/CVE-2015-8439
https://nvd.nist.gov/vuln/detail/CVE-2015-8440
https://nvd.nist.gov/vuln/detail/CVE-2015-8441
https://nvd.nist.gov/vuln/detail/CVE-2015-8442
https://nvd.nist.gov/vuln/detail/CVE-2015-8443
https://nvd.nist.gov/vuln/detail/CVE-2015-8444
https://nvd.nist.gov/vuln/detail/CVE-2015-8445
https://nvd.nist.gov/vuln/detail/CVE-2015-8446
https://nvd.nist.gov/vuln/detail/CVE-2015-8447
https://nvd.nist.gov/vuln/detail/CVE-2015-8448
https://nvd.nist.gov/vuln/detail/CVE-2015-8449
https://nvd.nist.gov/vuln/detail/CVE-2015-8450
https://nvd.nist.gov/vuln/detail/CVE-2015-8451
https://nvd.nist.gov/vuln/detail/CVE-2015-8452
https://nvd.nist.gov/vuln/detail/CVE-2015-8453
https://nvd.nist.gov/vuln/detail/CVE-2015-8456
https://nvd.nist.gov/vuln/detail/CVE-2015-8457
https://nvd.nist.gov/vuln/detail/CVE-2015-8652
https://nvd.nist.gov/vuln/detail/CVE-2015-8653
https://nvd.nist.gov/vuln/detail/CVE-2015-8654
https://nvd.nist.gov/vuln/detail/CVE-2015-8655
https://nvd.nist.gov/vuln/detail/CVE-2015-8656
https://nvd.nist.gov/vuln/detail/CVE-2015-8657
https://nvd.nist.gov/vuln/detail/CVE-2015-8822
https://nvd.nist.gov/vuln/detail/CVE-2015-8658
https://nvd.nist.gov/vuln/detail/CVE-2015-8820
https://nvd.nist.gov/vuln/detail/CVE-2015-8821
https://nvd.nist.gov/vuln/detail/CVE-2015-8823

SecurityFocus Bugtraq ID:

https://www.securityfocus.com/bid/78717
https://www.securityfocus.com/bid/78718
https://www.securityfocus.com/bid/78715
https://www.securityfocus.com/bid/78714
https://www.securityfocus.com/bid/78716
https://www.securityfocus.com/bid/78712
https://www.securityfocus.com/bid/78710
https://www.securityfocus.com/bid/78715
https://www.securityfocus.com/bid/78713

References:

https://helpx.adobe.com/security/products/flash-player/apsb15-32.html
http://get.adobe.com/flashplayer

Severity
High
CVSS Score
10.0
Published
2015-12-10
Modified
2018-10-12
Category
General

Free Vulnerability Scanning, Assessment and Management

Mageni's Platform is packed with all the features you need to scan, assess and manage vulnerabilities like this - it is free, open source, lightning fast, reliable and scalable.

Router
Servers
Laptop
Database
Group
Cloud

Frequently Asked Questions

No, you can scan concurrently as many assets as you want. Please note that you must be aware of the hardware requeriments of the platform to ensure a good performance.

No, you can add as many assest as you want. It doesn't matters if you have millions of assets, we won't charge you for that.

No. The software is completely free. We have no intention to charge you to use the software, in fact - it completely goes against our beliefs and business model.

A vulnerability is defined in the ISO 27002 standard as “A weakness of an asset or group of assets that can be exploited by one or more threats” (International Organization for Standardization, 2005)

We generate revenue by providing support and other services for customers that require a subscription so they get guaranteed support and enterprise services. To use Mageni's Platform is completely free, with no limits at all.

Yes. Mageni understands that there are professionals and businesses that need commercial support so Mageni provides an active support subscription with everything needed to run Mageni's Platform reliably and securely. More than software, it's access to security experts, knowledge resources, security updates, and support tools you can't get anywhere else. The subscription includes:

  • Ongoing delivery
    • Patches
    • Bug fixes
    • Updates
    • Upgrades
  • Technical support
    • 24/7 availability
    • Unlimited Incidents
    • Specialty-based routing
    • Multi-Channel
  • Commitments
    • Software certifications
    • Software assurance
    • SLA

No, we don't store the information of your vulnerabilities in our servers.

Vulnerability management is the process in which vulnerabilities in IT are identified and the risks of these vulnerabilities are evaluated. This evaluation leads to correcting the vulnerabilities and removing the risk or a formal risk acceptance by the management of an organization. The term vulnerability management is often confused with vulnerability scanning. Despite the fact both are related, there is an important difference between the two. Vulnerability scanning consists of using a computer program to identify vulnerabilities in networks, computer infrastructure or applications. Vulnerability management is the process surrounding vulnerability scanning, also taking into account other aspects such as risk acceptance, remediation etc. Source: "Implementing a Vulnerability Management Process". SANS Institute.

I am ready to start scanning for vulnerabilities