Hillstone Networks

RULE（RULE ID：316270）

Rule General Information


Release Date:		2015-05-21

Rule Name:		Adobe Flash Player and AIR Remote Privilege Escalation Vulnerability -1 (CVE-2014-8442)

Severity:

CVE ID:

Rule Protection Details


Description:		Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allow attackers to complete a transition from Low Integrity to Medium Integrity by leveraging incorrect permissions.

Impact:		An attacker can abtain more privileges which he is not entitled to by exloiting the vulnerability, such as executing arbitrary code, deleting files, viewing sensitive information, changing configurations.

Affected OS:		Windows

Reference:		AdobeSecurityBulletins:apsb14-24 SecurityFocusBID:71040

Solutions

Adobe has issued a fix on the official website. For more advisory, please visit http://helpx.adobe.com/security/products/flash-player/apsb14-24.html