Security bypass in Adobe products - CVE-2015-3040

 

Security bypass in Adobe products - CVE-2015-3040

Published: January 26, 2017 / Updated: January 27, 2017


Vulnerability identifier: #VU5410
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2015-3040
CWE-ID: CWE-401
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Adobe
Affected software:
Adobe AIR
Adobe Flash Player for Linux
Adobe Flash Player

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass address space layout randomization on the target system.

The weakness exists due to multiple memory leaks. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and gain unauthorized access to the system.

Successful exploitation of the vulnerability results in security bypass on the vulnerable system.


How to mitigate CVE-2015-3040

Install update from vendor's website.

Sources