Forum Thread: Adobe Flash Player Unspecified Code Execution Vulnerability

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Vulnerabilities

See the original Secunia advisory:
Adobe Flash Player Unspecified Code Execution Vulnerability

Secunia Adobe Flash Player Unspecified Code Execution Vulnerability
Secunia Official 22nd Jan, 2015 23:57
Ranking: 0
Posts: 0
User Since: -
System Score: -
Location: Copenhagen, DK
A vulnerability has been reported in Adobe Flash Player, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error and can be exploited to execute arbitrary code. No further information is currently available.

Note: This vulnerability is currently exploited in limited targeted attacks.

The vulnerability is reported in version 16.0.0.257. Other versions may also be affected.

pc.tech1 RE: Adobe Flash Player Unspecified Code Execution Vulnerability
Member 22nd Jan, 2015 23:57
Score: 8
Posts: 22
User Since: 13th Feb 2010
System Score: N/A
Location: US
Last edited on 22nd Jan, 2015 23:57
Flash 16.0.0.287 released
- https://helpx.adobe.com/security/products/flash-pl...
Jan 22, 2015
CVE number: CVE-2015-0310
Platform: All Platforms
.

--
This machine has no brain.
Use your own.
.
Was this reply relevant?
+0
-0
Maurice Joyce RE: Adobe Flash Player Unspecified Code Execution Vulnerability
Handling Contributor 23rd Jan, 2015 10:05
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 23rd Jan, 2015 10:20
After updating to clear CVE-2015-0310 please be aware that Adobe Flash version 16.0.0.287 is also vulnerable as outlined in CVE-2015-0311. Windows 8 & Windows 8.1 have been updated by Microsoft if you have auto update switched on.

Details of latest UNPATCHED vulnerability is here:

http://blogs.adobe.com/psirt/

EDIT: The Secunia advisory has been updated to reflect the latest vulnerability.

https://secunia.com/advisories/62432



--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+2
-0
klausus02 RE: Adobe Flash Player Unspecified Code Execution Vulnerability
Member 25th Jan, 2015 15:37
Score: 89
Posts: 144
User Since: 4th Feb 2011
System Score: N/A
Location: DE
Last edited on 25th Jan, 2015 15:37
Attention
I just ran a full scan with PSI2. Adobe Flash version 16.0.0.287 is marked as secure!
Is Secunia Database still out of date?
--
Klaus
Was this reply relevant?
+0
-0
ddmarshall RE: Adobe Flash Player Unspecified Code Execution Vulnerability
Dedicated Contributor 25th Jan, 2015 19:51
Score: 1250
Posts: 992
User Since: 8th Nov 2008
System Score: N/A
Location: UK
My Flash Player updated itself to 16.0.0.296 on February 24.

Apparently the update is only available through the Flash Player automatic updater at the moment. It can't be downloaded from the Adobe website and is not available for Windows 8 or Chrome.
http://helpx.adobe.com/security/products/flash-pla...

--
Was this reply relevant?
+0
-0
klausus02 RE: Adobe Flash Player Unspecified Code Execution Vulnerability
Member 26th Jan, 2015 18:21
Score: 89
Posts: 144
User Since: 4th Feb 2011
System Score: N/A
Location: DE
The Flash Player automatic updater is giving an older and wrong version, also!

You can get the new version here e.g.:

http://www.adobe.com/de/products/flashplayer/distr...

-regards
Was this reply relevant?
+0
-0
Anthony Wells RE: Adobe Flash Player Unspecified Code Execution Vulnerability
Expert Contributor 27th Jan, 2015 18:26
Score: 2542
Posts: 3,402
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Hi ,

Atm ,the Flash NPAPI plug-in for Firefox and other browsers is now available from the Adobe website . Ff has also updated to version 35.0.1

Google Chrome has auto-updated to stable version 40.0.2214.93m and includes the latest PPAPI ...296.

IE 11 on W8.1.1 does not yet provide an update via Windows update .

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
ddmarshall RE: Adobe Flash Player Unspecified Code Execution Vulnerability
Dedicated Contributor 27th Jan, 2015 21:00
Score: 1250
Posts: 992
User Since: 8th Nov 2008
System Score: N/A
Location: UK
Update for Internet Explorer on Windows 8.x is now available.

--
Was this reply relevant?
+0
-0
Anthony Wells RE: Adobe Flash Player Unspecified Code Execution Vulnerability
Expert Contributor 27th Jan, 2015 21:30
Score: 2542
Posts: 3,402
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Done and dusted , thanks ddm .

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0