Concerned about recent PAN-OS and other firewall/VPN CVEs? Take advantage of Zscaler’s special offer today

Zscaler Security Advisories

Security Advisory - June 09, 2015

Zscaler Protects against Multiple Security Vulnerabilities in Adobe Flash Player

Zscaler, working with Microsoft through their MAPPs program, has deployed protections for the following 9 vulnerabilities included in the June 2015 Adobe security bulletins. Zscaler will continue to monitor exploits associated with all vulnerabilities in the June release and deploy additional protections as necessary.

APSB15-11 - Security updates available for Adobe Reader and Acrobat

Severity: Critical
Affected Software

  • Adobe Flash Player and earlier versions for Windows and Macintosh
  • Adobe Flash Player Extended Support Release and earlier 13.x versions for Windows and Macintosh
  • Adobe Flash Player and earlier 11.x versions for Linux
  • Adobe AIR Desktop Runtime and earlier versions for Windows and Macintosh
  • Adobe AIR SDK and SDK & Compiler and earlier versions for Windows and Macintosh
  • Adobe AIR for Android and earlier versions

CVE-2015-3096 - Variant of CVE-2014-5333 (Rosetta Flash) using 2-bytes UTF-8 sequence
CVE-2015-3098 - Same-origin-policy/SecurityDomain/AllowScriptAccess violation via loaded flash files
CVE-2015-3100 - Misusing of FPU Instruction Could Cause Security Vulnerabilities
CVE-2015-3102 - Adobe Flash custom pageDomain vulnerability
CVE-2015-3103 - Flash Player Race Condition Vulnerability
CVE-2015-3104 - Integer overflow / memory corruption with excessive number of shader input channels
CVE-2015-3105 - Out-of-bounds write in ShaderParameter resolution
CVE-2015-3106 - AS2 Use After Free in TextField.filters
CVE-2015-3108 - Internet Explorer Memory Corruption Vulnerability

Description: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux.  These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system.