Hillstone Networks

RULE（RULE ID：710600）

Rule General Information


Release Date:		2016-12-21

Rule Name:		Adobe Flash Player and AIR Movieclip Setmask Use After Free Vulnerability -2 (CVE-2015-4428)

Severity:

CVE ID:

Rule Protection Details


Description:		Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors.

Impact:		An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software.

Affected OS:		Windows, Mac OS, Other Unix, FreeBSD, Linux

Reference:		SecurityFocusBID:75590 AdobeSecurityBulletins:apsb15-16

Solutions

Adobe has issued a fix on the official website. For more advisory, please visit https://helpx.adobe.com/security/products/flash-player/apsb15-16.html