CVE-2015-0306

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0303.

References

http://helpx.adobe.com/security/products/flash-player/apsb15-01.html

http://secunia.com/advisories/62177

http://secunia.com/advisories/62187

http://secunia.com/advisories/62252

http://secunia.com/advisories/62371

http://secunia.com/advisories/62740

http://security.gentoo.org/glsa/glsa-201502-02.xml

http://www.securityfocus.com/bid/72036

http://www.securitytracker.com/id/1031525

https://exchange.xforce.ibmcloud.com/vulnerabilities/99984

Details

Source: MITRE

Published: 2015-01-13

Updated: 2017-09-08

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

View all (15 total)

IDNameProductFamilySeverity
8657Flash Player <= 16.0.0.235 Multiple Vulnerabilities (APSB15-01)Nessus Network MonitorWeb Clients
high
8655Flash Player < 16.0.0.306 (inferred) Multiple Vulnerabilities (APSB15-01 through 05) Nessus Network MonitorWeb Clients
high
81225GLSA-201502-02 : Adobe Flash Player: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
81098openSUSE Security Update : flash-player (openSUSE-SU-2015:0174-1)NessusSuSE Local Security Checks
critical
80924FreeBSD : Adobe Flash Player -- multiple vulnerabilities (cc294a2c-a232-11e4-8e9f-0011d823eebd)NessusFreeBSD Local Security Checks
critical
80565SuSE 11.3 Security Update : flash-player (SAT Patch Number 10164)NessusSuSE Local Security Checks
critical
80564openSUSE Security Update : flash-player (openSUSE-SU-2015:0059-1)NessusSuSE Local Security Checks
critical
80544RHEL 5 / 6 : flash-plugin (RHSA-2015:0052)NessusRed Hat Local Security Checks
critical
80489MS KB3024663: Update for Vulnerabilities in Adobe Flash Player in Internet ExplorerNessusWindows
critical
80488Google Chrome < 39.0.2171.99 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
80487Flash Player For Mac <= 16.0.0.235 Multiple Vulnerabilities (APSB15-01)NessusMacOS X Local Security Checks
critical
80486Adobe AIR for Mac <= 15.0.0.356 Multiple Vulnerabilities (APSB15-01)NessusMacOS X Local Security Checks
critical
80485Google Chrome < 39.0.2171.99 Multiple VulnerabilitiesNessusWindows
critical
80484Flash Player <= 16.0.0.235 Multiple Vulnerabilities (APSB15-01)NessusWindows
critical
80483Adobe AIR <= 15.0.0.356 Multiple Vulnerabilities (APSB15-01)NessusWindows
critical