CVE-2015-8445

Vulnerability

An integer overflow vulnerability exists in the Shader filter implementation of Adobe Flash Player [1]. By supplying a large BitmapData object as a source to the Shader filter, it is possible to trigger an integer overflow, which leads to a heap overflow [1]. Affected versions include Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X, and before 11.2.202.554 on Linux; also Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 [1].

Exploitation

Exploitation requires user interaction; the target must visit a malicious web page or open a malicious file containing a crafted SWF that provides a large BitmapData source to the Shader filter [1]. The attacker does not need prior authentication, as the vulnerability is reachable via standard web content. The integer overflow occurs during processing of the Shader filter parameters, corrupting heap memory [1].

Impact

Successful exploitation allows an attacker to execute arbitrary code within the context of the current process [1]. This can lead to full system compromise depending on the privileges of the user running the Flash Player instance. The impact includes arbitrary code execution, with potential for data theft, malware installation, or further system control [1][2].

Mitigation

Adobe released fixed versions on December 8, 2015: Flash Player 20.0.0.228 (Windows/OS X) and 11.2.202.554 (Linux), and AIR 20.0.0.204 [1]. Gentoo recommends upgrading to www-plugins/adobe-flash-11.2.202.559 or later [2]. Users should update to the latest versions as there is no known workaround [2].