Adobe has released FOUR CRITICAL updates today. Below I list each of the updates, link to their Security Bulletins and link to where you can download them. I've also added a list of CVEs patched in each update. A total of 50 CVEs have been patched in these updates. I believe that's a record for Adobe.
Adobe Flash Player 18.0.0.209
Adobe Security Bulletin
Download Page
CVEs Patched
CVE-2015-5122: "A use-after-free vulnerability that could lead to code execution."
CVE-2015-5123: "A memory corruption vulnerability that could lead to code execution."
Adobe Shockwave Player 12.1.9.159
Adobe Security Bulletin
Download Page
CVEs Patched
CVE-2015-5120 - "Memory corruption vulnerabilities that could lead to code execution"
CVE-2015-5121 - "Memory corruption vulnerabilities that could lead to code execution"
*Neither CVE is yet listed at Mitre.org
Adobe Acrobat & Reader:
DC v2015.008.20082 and v11.0.12
DC v2015.008.20082 and v11.0.12
Adobe Security Bulletin
Adobe Reader DC Download Page
Adobe Reader (non-cloud) v11.0.12 Download Page
Adobe Acrobat Pro and DC Pro Download Page
CVEs Patched
CVE-2014-0566 - "Memory corruption vulnerabilities that could lead to code execution."
CVE-2014-8450 - "Security bypass vulnerabilities that could lead to information disclosure."
CVE-2015-3095 - "Memory corruption vulnerabilities that could lead to code execution."
CVE-2015-4435 - “Methods to bypass restrictions on JavaScript API execution.”
CVE-2015-4438 - “Methods to bypass restrictions on JavaScript API execution.”
CVE-2015-4441 - “Methods to bypass restrictions on JavaScript API execution.”
CVE-2015-4443 - “Null-pointer dereference issues that could lead to a denial-of-service condition.”
CVE-2015-4444 - “Null-pointer dereference issues that could lead to a denial-of-service condition.”
CVE-2015-4445 - “Methods to bypass restrictions on JavaScript API execution.”
CVE-2015-4446 - “Validation bypass issues that could be exploited to perform privilege escalation from low to medium integrity level.”
CVE-2015-4447 - “Methods to bypass restrictions on JavaScript API execution.”
CVE-2015-4448 - "Use-after-free vulnerabilities that could lead to code execution."
CVE-2015-4449 - "Security bypass vulnerabilities that could lead to information disclosure."
CVE-2015-4450 - "Security bypass vulnerabilities that could lead to information disclosure."
CVE-2015-4451 - “Methods to bypass restrictions on JavaScript API execution.”
CVE-2015-4452 - “Methods to bypass restrictions on JavaScript API execution.”
CVE-2015-5085 - “Methods to bypass restrictions on JavaScript API execution.”
CVE-2015-5086 - “Methods to bypass restrictions on JavaScript API execution.”
CVE-2015-5087 - "Memory corruption vulnerabilities that could lead to code execution."
CVE-2015-5088 - "Security bypass vulnerabilities that could lead to information disclosure."
CVE-2015-5089 - "Security bypass vulnerabilities that could lead to information disclosure."
CVE-2015-5090 - “Validation bypass issues that could be exploited to perform privilege escalation from low to medium integrity level.”
CVE-2015-5091 - “Validation bypass issues that could be exploited to perform privilege escalation from low to medium integrity level.”
CVE-2015-5092 - "Security bypass vulnerabilities that could lead to information disclosure."
CVE-2015-5093 - "A buffer overflow vulnerability that could lead to code execution."
CVE-2015-5094 - "Memory corruption vulnerabilities that could lead to code execution."
CVE-2015-5095 - "Use-after-free vulnerabilities that could lead to code execution."
CVE-2015-5096 - "Heap buffer overflow vulnerabilities that could lead to code execution."
CVE-2015-5097 - “Integer overflow vulnerabilities that could lead to code execution.”
CVE-2015-5098 - "A buffer overflow vulnerability that could lead to code execution."
CVE-2015-5099 - "Use-after-free vulnerabilities that could lead to code execution."
CVE-2015-5100 - "Memory corruption vulnerabilities that could lead to code execution."
CVE-2015-5101 - "Use-after-free vulnerabilities that could lead to code execution."
CVE-2015-5102 - "Memory corruption vulnerabilities that could lead to code execution."
CVE-2015-5103 - "Memory corruption vulnerabilities that could lead to code execution."
CVE-2015-5104 - "Memory corruption vulnerabilities that could lead to code execution."
CVE-2015-5105 - "A buffer overflow vulnerability that could lead to code execution."
CVE-2015-5106 - “Validation bypass issues that could be exploited to perform privilege escalation from low to medium integrity level.”
CVE-2015-5107 - "An information leak vulnerability."
CVE-2015-5108 - “Integer overflow vulnerabilities that could lead to code execution.”
CVE-2015-5109 - “Integer overflow vulnerabilities that could lead to code execution.”
CVE-2015-5110 - "A stack overflow vulnerability that could lead to code execution."
CVE-2015-5111 - "Use-after-free vulnerabilities that could lead to code execution."
CVE-2015-5113 - "Use-after-free vulnerabilities that could lead to code execution."
CVE-2015-5114 - "Use-after-free vulnerabilities that could lead to code execution."
CVE-2015-5115 - "Memory corruption vulnerabilities that could lead to code execution."
* CVEs not linked above have not yet been listed at Mitre.org.
--
No comments:
Post a Comment