Vigil@nce - Adobe Flash Player: bypassing ASLR
February 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can bypass ASLR via Adobe Flash Player, in order to
ease the exploitation of another vulnerability.
Impacted products: Flash Player, IE, openSUSE, RHEL, SUSE Linux
Enterprise Desktop, SLES
Severity: 2/4
Creation date: 23/01/2015
DESCRIPTION OF THE VULNERABILITY
Systems use ASLR in order to randomize memory addresses used by
programs and libraries.
However, Adobe Flash Player allows an attacker to bypass this
security feature. Technical details are unknown.
An attacker can therefore bypass ASLR via Adobe Flash Player, in
order to ease the exploitation of another vulnerability.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Adobe-Flash-Player-bypassing-ASLR-16036