Adobe fixed critical flash player vulnerability
Adobe has released an unscheduled update APSB15-14 , which closes the critical vulnerability CVE-2015-3113 (HeapOv) in Flash Player. Vulnerability was discovered by FireEye analysts and was used in targeted attacks for remote code execution (Remote Code Execution).
The discovered exploit allowed to execute the code remotely in the MS Internet Explorer (IE) web browser on Windows XP - Seven, and also in Firefox on Windows XP. It uses the well-known Flash vector object corruption mechanism to perform the heap-spray operation and the ASLR bypass, as well as the ROP to bypass the DEP.
We recommend updating your Flash Player. Browsers such as Internet Explorer 10 & 11 on Windows 8 / 8.1 and Google Chrome update their Flash Player versions automatically. For IE, see the updated Security Advisory 2755801 . Check your version of Flash Player for relevance here , the table below shows these versions for various browsers.
')
be secure.
The discovered exploit allowed to execute the code remotely in the MS Internet Explorer (IE) web browser on Windows XP - Seven, and also in Firefox on Windows XP. It uses the well-known Flash vector object corruption mechanism to perform the heap-spray operation and the ASLR bypass, as well as the ROP to bypass the DEP.
Adobe CVD-2015-3113 is being actively exploited through targeted attacks. Systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are known targets.
We recommend updating your Flash Player. Browsers such as Internet Explorer 10 & 11 on Windows 8 / 8.1 and Google Chrome update their Flash Player versions automatically. For IE, see the updated Security Advisory 2755801 . Check your version of Flash Player for relevance here , the table below shows these versions for various browsers.
')
be secure.
Source: https://habr.com/ru/post/261013/
All Articles