Adobe Flash Player contains a vulnerability in the ActionScript 3 ByteArray class, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Adobe Flash Player versions 9.0 through version 22.214.171.124 contain a use-after-free vulnerability in the AS3 ByteArray class. This can allow attacker-controlled memory corruption. Exploit code for this vulnerability is publicly available.
An attacker can execute arbitrary code in the context of the user running Flash Player. Attacks typically involve enticing a user to visit a web site containing specially-crafted Flash content, or to open a specially-crafted Microsoft Office document.
Apply an update
This issue is addressed in Flash Player Desktop 126.96.36.199. Please see Adobe Security Bulletin APSB15-16 for more details and fix versions for other platforms.
Do not run untrusted Flash content
This vulnerability was discovered by HackingTeam.
This document was written by Will Dormann.
|Date First Published:||2015-07-07|
|Date Last Updated:||2015-07-11 18:39 UTC|