Adobe Flash Player ActionScript 3 BitmapData释放后重利用远

Adobe Flash Player ActionScript 3 BitmapData释放后重利用远程内存破坏漏洞


发布日期:2015-07-12
更新日期:2015-07-16

受影响系统:

Adobe Flash Player < 18.0.0.204
Adobe Flash Player < 18.0.0.203
Adobe Flash Player < 13.0.0.302
Adobe Flash Player < 11.2.202.481
Adobe Flash Player 14.x
Adobe Flash Player 13.x
Adobe Flash Player 12.x
Adobe Flash Player 11.x

描述:

BUGTRAQ  ID: 75710
CVE(CAN) ID: CVE-2015-5123

Adobe Flash Player是一个集成的多媒体播放器。

Adobe Flash Player在ActionScript 3 (AS3)实现中,BitmapData类存在释放后重利用漏洞,远程攻击者通过构造的Flash内容,覆盖ValueOf函数,利用此漏洞可执行任意代码或造成拒绝服务(内存破坏)。

<*来源:Peter Pi
        slipstream/RoL
 
  链接:https://helpx.adobe.com/security/products/flash-player/apsa15-04.html
*>

建议:

厂商补丁:

Adobe
-----
Adobe已经为此发布了一个安全公告(APSA15-04)以及相应补丁:
APSA15-04:Adobe Security Bulletin Security Advisory for Adobe Flash Player
链接:https://helpx.adobe.com/security/products/flash-player/apsa15-04.html

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:https://www.heiqu.com/a292adbdcfbda70a90a72c63bb41eb90.html