CVE-2015-0308

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors.

References

http://helpx.adobe.com/security/products/flash-player/apsb15-01.html

http://secunia.com/advisories/62177

http://secunia.com/advisories/62187

http://secunia.com/advisories/62252

http://secunia.com/advisories/62371

http://secunia.com/advisories/62740

http://security.gentoo.org/glsa/glsa-201502-02.xml

http://www.securityfocus.com/bid/72039

http://www.securitytracker.com/id/1031525

https://exchange.xforce.ibmcloud.com/vulnerabilities/99989

Details

Source: MITRE

Published: 2015-01-13

Updated: 2017-09-08

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Tenable Plugins

View all (15 total)

IDNameProductFamilySeverity
8657Flash Player <= 16.0.0.235 Multiple Vulnerabilities (APSB15-01)Nessus Network MonitorWeb Clients
high
8655Flash Player < 16.0.0.306 (inferred) Multiple Vulnerabilities (APSB15-01 through 05) Nessus Network MonitorWeb Clients
high
81225GLSA-201502-02 : Adobe Flash Player: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
81098openSUSE Security Update : flash-player (openSUSE-SU-2015:0174-1)NessusSuSE Local Security Checks
critical
80924FreeBSD : Adobe Flash Player -- multiple vulnerabilities (cc294a2c-a232-11e4-8e9f-0011d823eebd)NessusFreeBSD Local Security Checks
critical
80565SuSE 11.3 Security Update : flash-player (SAT Patch Number 10164)NessusSuSE Local Security Checks
critical
80564openSUSE Security Update : flash-player (openSUSE-SU-2015:0059-1)NessusSuSE Local Security Checks
critical
80544RHEL 5 / 6 : flash-plugin (RHSA-2015:0052)NessusRed Hat Local Security Checks
critical
80489MS KB3024663: Update for Vulnerabilities in Adobe Flash Player in Internet ExplorerNessusWindows
critical
80488Google Chrome < 39.0.2171.99 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
80487Flash Player For Mac <= 16.0.0.235 Multiple Vulnerabilities (APSB15-01)NessusMacOS X Local Security Checks
critical
80486Adobe AIR for Mac <= 15.0.0.356 Multiple Vulnerabilities (APSB15-01)NessusMacOS X Local Security Checks
critical
80485Google Chrome < 39.0.2171.99 Multiple VulnerabilitiesNessusWindows
critical
80484Flash Player <= 16.0.0.235 Multiple Vulnerabilities (APSB15-01)NessusWindows
critical
80483Adobe AIR <= 15.0.0.356 Multiple Vulnerabilities (APSB15-01)NessusWindows
critical