January 2015 - Adobe Releases Updates for Adobe Flash Player

Data de publicação: 28 de mayo de 2015

Data do informe: 22 de enero de 2015

Descrição

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions.

Exposição das informações

Trend Micro Deep Security shields networks through the following Deep Packet Inspection (DPI) rules. Trend Micro customers using the Vulnerability Protection product or OfficeScan with Intrusion Defense Firewall (IDF) plugin are also protected from attacks using these vulnerabilities.

In addition, Trend Micro products protect against an Adobe Flash Player zero-day exploit seen in January 2015. Protection is delivered via rule 1006460 - Adobe Flash Player Buffer Overflow Vulnerability.

Bulletin ID Vulnerability ID DPI Rule Number DPI Rule Name Release Date Vulnerability Protection and IDF Compatibility

APSB15-01 CVE-2015-0302 1006452 Adobe Flash Player Information Disclosure Vulnerability (CVE-2015-0302) 22-Jan-15 YES

APSB15-01 CVE-2015-0303 1006453 Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-0303) 22-Jan-15 YES

APSB15-01 CVE-2015-0304 1006454 Adobe Flash Player Heap Based Buffer Overflow Vulnerability (CVE-2015-0304) 22-Jan-15 YES

APSB15-01 CVE-2015-0305 1006457 Adobe Flash Player Type Confusion Remote Code Execution Vulnerability (CVE-2015-0305) 22-Jan-15 YES

APSB15-01 CVE-2015-0307 1006456 Adobe Flash Player Out Of Bounds Read Memory Corruption Vulnerability (CVE-2015-0307) 22-Jan-15 YES

APSB15-01 CVE-2015-0308 1006458 Adobe Flash Player Use After Free Remote Code Execution Vulnerability (CVE-2015-0308) 22-Jan-15 YES

APSB15-01 CVE-2015-0309 1006455 Adobe Flash Player Heap Based Buffer Overflow Vulnerability (CVE-2015-0309) 22-Jan-15 YES

APSB15-03 CVE-2015-0311 1006460 Adobe Flash Player Buffer Overflow Vulnerability 22-Jan-15 YES

Solução

Alteração: : http://helpx.adobe.com/security/products/flash-player/apsb15-01.html

Software infectado e versão:

Adobe Flash Player 16.0.0.235 and earlier versions
Adobe Flash Player 13.0.0.259 and earlier 13.x versions
Adobe Flash Player 11.2.202.425 and earlier versions for Linux
Adobe AIR desktop runtime 15.0.0.356 and earlier versions
Adobe AIR SDK 15.0.0.356 and earlier versions
Adobe AIR SDK and Compiler 15.0.0.356 and earlier versions
Adobe AIR for Android 15.0.0.356 and earlier versions

Bulletin ID	Vulnerability ID	DPI Rule Number	DPI Rule Name	Release Date	Vulnerability Protection and IDF Compatibility
APSB15-01	CVE-2015-0302	1006452	Adobe Flash Player Information Disclosure Vulnerability (CVE-2015-0302)	22-Jan-15	YES
APSB15-01	CVE-2015-0303	1006453	Adobe Flash Player Memory Corruption Vulnerability (CVE-2015-0303)	22-Jan-15	YES
APSB15-01	CVE-2015-0304	1006454	Adobe Flash Player Heap Based Buffer Overflow Vulnerability (CVE-2015-0304)	22-Jan-15	YES
APSB15-01	CVE-2015-0305	1006457	Adobe Flash Player Type Confusion Remote Code Execution Vulnerability (CVE-2015-0305)	22-Jan-15	YES
APSB15-01	CVE-2015-0307	1006456	Adobe Flash Player Out Of Bounds Read Memory Corruption Vulnerability (CVE-2015-0307)	22-Jan-15	YES
APSB15-01	CVE-2015-0308	1006458	Adobe Flash Player Use After Free Remote Code Execution Vulnerability (CVE-2015-0308)	22-Jan-15	YES
APSB15-01	CVE-2015-0309	1006455	Adobe Flash Player Heap Based Buffer Overflow Vulnerability (CVE-2015-0309)	22-Jan-15	YES
APSB15-03	CVE-2015-0311	1006460	Adobe Flash Player Buffer Overflow Vulnerability	22-Jan-15	YES

Arquivo correspondente
SWF_ANGZIA.A