MS-ISAC CYBERSECURITY ADVISORIES

MS-ISAC ADVISORY NUMBER:
2015-146

DATE(S) ISSUED:
12/08/2015

SUBJECT:
Multiple Vulnerabilities in Adobe Flash Player Could Allow Remote Code Execution (APSB15-32)

OVERVIEW:

Multiple vulnerabilities have been discovered in Adobe Flash Player. Adobe Flash Player is a widely distributed multimedia and application player used to enhance the user experience when visiting web pages or reading email messages.

 

Successful exploitation could result in an attacker compromising data security, potentially allowing access to confidential data, or could compromise processing resources in a user's computer. Failed exploit attempts will likely cause denial-of-service conditions.

 

THREAT INTELLIGENCE:

 

There are currently no reports of these vulnerabilities being exploited in the wild.

 

SYSTEMS AFFECTED:

 

  • Adobe Flash Player Desktop Runtime 19.0.0.245 and earlier

  • Adobe Flash Player Extended Support Release 18.0.0.261 and earlier

  • Adobe Flash Player for Google Chrome 19.0.0.245 and earlier

  • Adobe Flash Player for Microsoft Edge and Internet Explorer 11 19.0.0.245 and earlier

  • Adobe Flash Player for Internet Explorer 10 and 11 19.0.0.245 and earlier

  • Adobe Flash Player for Linux 11.2.202.548 and earlier

  • AIR Desktop Runtime 19.0.0.241 and earlier

  • AIR SDK 19.0.0.241 and earlier

  • AIR SDK & Compiler 19.0.0.241 and earlier

  • AIR for Android 19.0.0.241 and earlier
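Added example, not part of the MS-ISAC advisory or Adobe's bulletin: a small triage script that checks software-inventory rows against the "and earlier" thresholds listed above. The product names and version limits are copied from that list; the host names, the inventory rows and the verdict labels are constructed for illustration.

```python
# Thresholds copied from the SYSTEMS AFFECTED list; each value means
# "this version and earlier is affected".
AFFECTED_THROUGH = {
    "Adobe Flash Player Desktop Runtime": "19.0.0.245",
    "Adobe Flash Player Extended Support Release": "18.0.0.261",
    "Adobe Flash Player for Google Chrome": "19.0.0.245",
    "Adobe Flash Player for Microsoft Edge and Internet Explorer 11": "19.0.0.245",
    "Adobe Flash Player for Internet Explorer 10 and 11": "19.0.0.245",
    "Adobe Flash Player for Linux": "11.2.202.548",
    "AIR Desktop Runtime": "19.0.0.241",
    "AIR SDK": "19.0.0.241",
    "AIR SDK & Compiler": "19.0.0.241",
    "AIR for Android": "19.0.0.241",
}

def parse_version(text):
    """Turn '19.0.0.245' into (19, 0, 0, 245) so comparison is numeric, not lexical."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(product, version):
    """Return 'affected', 'above-threshold' or 'unknown' for one inventory row."""
    limit = AFFECTED_THROUGH.get(product)
    if limit is None:
        return "unknown"  # product name not in the advisory: review by hand
    try:
        installed = parse_version(version)
    except ValueError:
        return "unknown"  # unparseable version: never assume it is safe
    return "affected" if installed <= parse_version(limit) else "above-threshold"

# Constructed sample inventory: (host, product, version). Not real data.
SAMPLE_INVENTORY = [
    ("ws-014", "Adobe Flash Player Desktop Runtime", "19.0.0.99"),
    ("ws-022", "Adobe Flash Player Desktop Runtime", "19.0.1.0"),
    ("lx-003", "Adobe Flash Player for Linux", "11.2.202.548"),
    ("ws-031", "AIR Desktop Runtime", "unknown"),
]

def triage(inventory):
    """Return (host, verdict) for every row, in input order."""
    return [(host, classify(product, version)) for host, product, version in inventory]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY):
        print(f"{host}: {verdict}")
```

A plain string comparison would rank 19.0.0.99 above 19.0.0.245 and miss the first host, which is why the versions are compared as integer tuples. "above-threshold" only means the version is higher than the limit in this advisory, not that the host is fully patched.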

 

RISK:

 

Government:

  • Large and medium government entities: High

  • Small government entities: High

 

Businesses:

  • Large and medium business entities: High

  • Small business entities: High

 

Home users: High

 

TECHNICAL SUMMARY:

 

Adobe Flash Player is prone to multiple vulnerabilities that could allow for remote code execution. These vulnerabilities are as follows:

 

  • Multiple heap buffer overflow vulnerabilities that may lead to remote code execution (CVE-2015-8438, CVE-2015-8446).

  • Multiple memory corruption vulnerabilities that may lead to remote code execution (CVE-2015-8444, CVE-2015-8443, CVE-2015-8417, CVE-2015-8416, CVE-2015-8451, CVE-2015-8047, CVE-2015-8053, CVE-2015-8045, CVE-2015-8051, CVE-2015-8060, CVE-2015-8419, CVE-2015-8408).

  • Multiple security bypass vulnerabilities (CVE-2015-8453, CVE-2015-8440, CVE-2015-8409).

  • A stack overflow vulnerability that may lead to remote code execution (CVE-2015-8407).

  • A type confusion vulnerability that may lead to remote code execution (CVE-2015-8439).

  • An integer overflow vulnerability that may lead to remote code execution (CVE-2015-8445).

  • A buffer overflow vulnerability that may lead to remote code execution (CVE-2015-8415).

  • Multiple use-after-free vulnerabilities that may lead to remote code execution (CVE-2015-8050, CVE-2015-8049, CVE-2015-8437, CVE-2015-8450, CVE-2015-8449, CVE-2015-8448, CVE-2015-8436, CVE-2015-8452, CVE-2015-8048, CVE-2015-8413, CVE-2015-8412, CVE-2015-8410, CVE-2015-8411, CVE-2015-8424, CVE-2015-8422, CVE-2015-8420, CVE-2015-8421, CVE-2015-8423, CVE-2015-8425, CVE-2015-8433, CVE-2015-8432, CVE-2015-8431, CVE-2015-8426, CVE-2015-8430, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8434, CVE-2015-8435, CVE-2015-8414, CVE-2015-8052, CVE-2015-8059, CVE-2015-8058, CVE-2015-8055, CVE-2015-8057, CVE-2015-8056, CVE-2015-8061, CVE-2015-8067, CVE-2015-8066, CVE-2015-8062, CVE-2015-8068, CVE-2015-8064, CVE-2015-8065, CVE-2015-8063, CVE-2015-8405, CVE-2015-8404, CVE-2015-8402, CVE-2015-8403, CVE-2015-8071, CVE-2015-8401, CVE-2015-8406, CVE-2015-8069, CVE-2015-8070, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447).

 

Successful exploitation of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user access.

 

RECOMMENDATIONS:

 

We recommend the following actions be taken:

 

  • Install the updates provided by Adobe immediately after appropriate testing.

  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.

  • Do not open email attachments from unknown or untrusted sources.

  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

 

REFERENCES:

 

Adobe:

https://helpx.adobe.com/security/products/flash-player/apsb15-32.html

 

CVE:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8045

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8047

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8048

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8049

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8050

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8051

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8052

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8053

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8054

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8055

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8056

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8057

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8058

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8059

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8060

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8061

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8062

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8063

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8064

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8065

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8066

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8067

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8068

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8069

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8070

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8071

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8401

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8402

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8403

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8404

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8405

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8406

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8407

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8408

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8409

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8410

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8411

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8412

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8413

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8414

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8415

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8416

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8417

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8419

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8420

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8421

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8422

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8423

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8424

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8425

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8426

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8427

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8428

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8429

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8430

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8431

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8432

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8433

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8434

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8435

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8436

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8437

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8438

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8439

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8440

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8441

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8442

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8443

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8444

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8445

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8446

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8447

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8448

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8449

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8450

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8451

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8452

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8453