#VU5471 Null pointer dereference in Adobe Client/Desktop applications
Vulnerability identifier: #VU5471
Vulnerability risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-476
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Adobe Flash Player for Linux
Client/Desktop applications /
Multimedia software
Adobe AIR
Client/Desktop applications /
Multimedia software
Adobe Flash Player Extended Support Release
Client/Desktop applications /
Multimedia software
Adobe Flash Player
Client/Desktop applications /
Plugins for browsers, ActiveX components
Vendor: Adobe
Description
The vulnerability allows a remote attacker to cause DoS conditions on the target system.
The weakness exists due to NULL pointer dereference. A remote attacker can create a specially crafted Web site, trick the victim into visiting it and cause the application to crash.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Adobe Flash Player for Linux: 11.2.202.238 - 11.2.202.481
Adobe Flash Player: 18.0.0 - 18.0.0.203
Adobe AIR: 18.0.0.144 - 18.0.0.180
Adobe Flash Player Extended Support Release: 13.0.0.260 - 13.0.0.302
External links
http://helpx.adobe.com/security/products/flash-player/apsb15-16.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
