Adobe Flash Player ActionScript 3 BitmapData释放后重利用远程内存破坏漏洞
发布日期:2015-07-12
更新日期:2015-07-16
受影响系统:
Adobe Flash Player < 18.0.0.203
Adobe Flash Player < 13.0.0.302
Adobe Flash Player < 11.2.202.481
Adobe Flash Player 14.x
Adobe Flash Player 13.x
Adobe Flash Player 12.x
Adobe Flash Player 11.x
描述:
BUGTRAQ ID: 75710
CVE(CAN) ID: CVE-2015-5123
Adobe Flash Player是一个集成的多媒体播放器。
Adobe Flash Player在ActionScript 3 (AS3)实现中,BitmapData类存在释放后重利用漏洞,远程攻击者通过构造的Flash内容,覆盖ValueOf函数,利用此漏洞可执行任意代码或造成拒绝服务(内存破坏)。
<*来源:Peter Pi
slipstream/RoL
链接:https://helpx.adobe.com/security/products/flash-player/apsa15-04.html
*>
建议:
厂商补丁:
Adobe
-----
Adobe已经为此发布了一个安全公告(APSA15-04)以及相应补丁:
APSA15-04:Adobe Security Bulletin Security Advisory for Adobe Flash Player
链接:https://helpx.adobe.com/security/products/flash-player/apsa15-04.html