CVE-2015-8636: Buffer Overflow
First published: Mon Dec 28 2015(Updated: )
Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8459, CVE-2015-8460, and CVE-2015-8645.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe AIR | <=20.0.0.204 | |
| macOS Yosemite | ||
| Google Android | ||
| Microsoft Windows | ||
| Adobe Flash Player for Internet Explorer 11 | <=18.0.0.268 | |
| Adobe Flash Player for Internet Explorer 11 | =19.0.0.185 | |
| Adobe Flash Player for Internet Explorer 11 | =19.0.0.207 | |
| Adobe Flash Player for Internet Explorer 11 | =19.0.0.226 | |
| Adobe Flash Player for Internet Explorer 11 | =19.0.0.245 | |
| Adobe Flash Player for Internet Explorer 11 | =20.0.0.228 | |
| Adobe Flash Player for Internet Explorer 11 | =20.0.0.235 | |
| Adobe AIR SDK and Compiler | <=20.0.0.204 | |
| Adobe AIR SDK & Compiler | <=20.0.0.204 | |
| Apple iPhone OS | ||
| Adobe Flash Player for Internet Explorer 11 | <=11.2.202.554 | |
| Linux Kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00045.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00046.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00047.html
- http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00048.html
- http://rhn.redhat.com/errata/RHSA-2015-2697.html
- http://www.securityfocus.com/bid/79700
- http://www.securitytracker.com/id/1034544
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
- https://helpx.adobe.com/security/products/flash-player/apsb16-01.html
- https://security.gentoo.org/glsa/201601-03
- https://www.exploit-db.com/exploits/39219/
Frequently Asked Questions
What is the severity of CVE-2015-8636?
CVE-2015-8636 has a critical severity rating due to its potential to allow remote code execution.
How do I fix CVE-2015-8636?
To fix CVE-2015-8636, update Adobe Flash Player and Adobe AIR to the latest versions available.
Who is affected by CVE-2015-8636?
CVE-2015-8636 affects users of Adobe Flash Player versions up to 18.0.0.324 and 19.x and 20.x before 20.0.0.267, as well as Adobe AIR versions prior to 20.0.0.233.
What type of vulnerability is CVE-2015-8636?
CVE-2015-8636 is a remote code execution vulnerability that can be exploited by attackers.
Can CVE-2015-8636 be exploited on Linux systems?
Yes, CVE-2015-8636 can be exploited on Linux systems running vulnerable versions of Adobe Flash Player.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/adobe
- canonical/adobe air
- version/adobe air/20.0.0.204
- vendor/apple
- canonical/macos yosemite
- vendor/google
- canonical/google android
- vendor/microsoft
- canonical/microsoft windows
- canonical/adobe flash player for internet explorer 11
- version/adobe flash player for internet explorer 11/18.0.0.268
- version/adobe flash player for internet explorer 11/19.0.0.185
- version/adobe flash player for internet explorer 11/19.0.0.207
- version/adobe flash player for internet explorer 11/19.0.0.226
- version/adobe flash player for internet explorer 11/19.0.0.245
- version/adobe flash player for internet explorer 11/20.0.0.228
- version/adobe flash player for internet explorer 11/20.0.0.235
- canonical/adobe air sdk and compiler
- version/adobe air sdk and compiler/20.0.0.204
- canonical/adobe air sdk & compiler
- version/adobe air sdk & compiler/20.0.0.204
- canonical/apple iphone os
- version/adobe flash player for internet explorer 11/11.2.202.554
- vendor/linux
- canonical/linux kernel