CIS CYBERSECURITY ADVISORIES

MS-ISAC ADVISORY NUMBER:
2015-001

DATE(S) ISSUED:
01/13/2015

SUBJECT:
Multiple vulnerabilities In Adobe Flash Player and Adobe AIR Could Allow Remote Code Execution (APSB15-01)

OVERVIEW:

Multiple vulnerabilities in Adobe Flash Player and Adobe AIR could allow remote code execution. Adobe Flash Player is a widely distributed multimedia and application player used to enhance the user experience when visiting web pages or reading email messages. Adobe AIR is a cross platform runtime used for developing Internet applications that run outside of a browser. Successful exploitation could result in an attacker compromising data security, potentially allowing access to confidential data, or could compromise processing resources in a user's computer. Failed exploit attempts will likely cause denial-of-service conditions.

THREAT INTELLIGENCE

There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEM AFFECTED:

  • Adobe Flash Player 16.0.0.235 and earlier versions
  • Adobe Flash Player 13.0.0.259 and earlier 13.x versions
  • Adobe Flash Player 11.2.202.425 and earlier versions for Linux
  • Adobe AIR desktop runtime 15.0.0.356 and earlier versions
  • Adobe AIR SDK 15.0.0.356 and earlier versions
  • Adobe AIR SDK & Compiler 15.0.0.356 and earlier versions
  • Adobe AIR 15.0.0.356 and earlier versions for Android

RISK:

Government:

  • Large and medium government entities:High
  • Small government entities:High

Businesses:

  • Large and medium business entities:High
  • Small business entities:High

Home users: High

TECHNICAL SUMMARY:

Adobe Flash Player is prone to multiple vulnerabilities that could allow for remote code execution. These vulnerabilities are as follows:

  • Improper file validation vulnerability (CVE-2015-0301).
  • Information disclosure vulnerability that could lead to key stroke logging (CVE-2015-0302).
  • Memory corruption vulnerabilities that could lead to code execution (CVE-2015-0303, CVE-2015-0306).
  • Buffer overflow vulnerabilities that could lead to code execution (CVE-2015-0304, CVE-2015-0309).
  • Type confusion vulnerability that could lead to code execution (CVE-2015-0305).
  • Out-of-bounds read vulnerability that could lead to code execution (CVE-2015-0307).
  • Use-after-free vulnerability that could lead to code execution (CVE-2015-0308).

Successful exploitation could result in an attacker compromising data security, potentially allowing access to confidential data, or could compromise processing resources in a user's computer.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Install the updates provided by Adobe immediately after appropriate testing.
  • Remind users not to visit websites or follow links provided by unknown or untrusted sources.
  • Do not open email attachments from unknown or untrusted sources.
  • Limit user account privileges to those required only.

REFERENCES:

Adobe:

http://helpx.adobe.com/security/products/flash-player/apsb15-01.html#tablet

CVE:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0301

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0302

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0303

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0304

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0305

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0306

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0307

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0308

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0309