January 2015 - Adobe Releases Updates for Adobe Flash Player
Descrição
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions.
Exposição das informações
Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.
In addition, Trend Micro products protect against an Adobe Flash Player zero-day exploit seen in January 2015. Protection is delivered via rule 1006460 - Adobe Flash Player Buffer Overflow Vulnerability.
| Bulletin ID | Vulnerability ID | DPI Rule Number | DPI Rule Name | Release Date | Vulnerability Protection and IDF Compatibility |
| APSB15-01 | CVE-2015-0302 | 1006452 | Adobe Flash Player Information Disclosure Vulnerability (CVE-2015-0302) | 22-Jan-15 | YES |
| APSB15-01 | CVE-2015-0303 | 1006453 | Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-0303) | 22-Jan-15 | YES |
| APSB15-01 | CVE-2015-0304 | 1006454 | Adobe Flash Player Heap Based Buffer Overflow Vulnerability (CVE-2015-0304) | 22-Jan-15 | YES |
| APSB15-01 | CVE-2015-0305 | 1006457 | Adobe Flash Player Type Confusion Remote Code Execution Vulnerability (CVE-2015-0305) | 22-Jan-15 | YES |
| APSB15-01 | CVE-2015-0307 | 1006456 | Adobe Flash Player Out Of Bounds Read Memory Corruption Vulnerability (CVE-2015-0307) | 22-Jan-15 | YES |
| APSB15-01 | CVE-2015-0308 | 1006458 | Adobe Flash Player Use After Free Remote Code Execution Vulnerability (CVE-2015-0308) | 22-Jan-15 | YES |
| APSB15-01 | CVE-2015-0309 | 1006455 | Adobe Flash Player Heap Based Buffer Overflow Vulnerability (CVE-2015-0309) | 22-Jan-15 | YES |
| APSB15-03 | CVE-2015-0311 | 1006460 | Adobe Flash Player Buffer Overflow Vulnerability | 22-Jan-15 | YES |
Solução
Software infectado e versão:
- Adobe Flash Player 16.0.0.235 and earlier versions
- Adobe Flash Player 13.0.0.259 and earlier 13.x versions
- Adobe Flash Player 11.2.202.425 and earlier versions for Linux
- Adobe AIR desktop runtime 15.0.0.356 and earlier versions
- Adobe AIR SDK 15.0.0.356 and earlier versions
- Adobe AIR SDK and Compiler 15.0.0.356 and earlier versions
- Adobe AIR for Android 15.0.0.356 and earlier versions