#VU5472 Null pointer dereference in Adobe products - CVE-2015-4429
Published: January 30, 2017 / Updated: February 22, 2017
Vulnerability identifier: #VU5472
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2015-4429
CWE-ID: CWE-476
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Adobe AIR
Adobe Flash Player Extended Support Release
Adobe Flash Player for Linux
Adobe Flash Player
Adobe AIR
Adobe Flash Player Extended Support Release
Adobe Flash Player for Linux
Adobe Flash Player
Software vendor:
Adobe
Adobe
Description
The vulnerability allows a remote attacker to cause DoS conditions on the target system.
The weakness exists due to NULL pointer dereference. A remote attacker can create a specially crafted Web site, trick the victim into visiting it and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.
The weakness exists due to NULL pointer dereference. A remote attacker can create a specially crafted Web site, trick the victim into visiting it and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.
Remediation
Install update from vendor's website.