CVE-2015-3080high
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to execute arbitrary code via unspecified vectors.
References
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html
http://rhn.redhat.com/errata/RHSA-2015-1005.html
http://www.securityfocus.com/bid/74608
http://www.securitytracker.com/id/1032285
https://helpx.adobe.com/security/products/flash-player/apsb15-09.html
Details
Source: MITRE
Published: 2015-05-13
Updated: 2017-09-17
Type: NVD-CWE-Other
Risk Information
CVSS v2
Base Score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 10
Severity: HIGH
Vulnerable Software
Configuration 1
AND
OR
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
OR
Configuration 2
AND
OR
OR
Configuration 3
OR
cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:* versions up to 17.0.0.144 (inclusive)
cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:* versions up to 17.0.0.144 (inclusive)
cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:* versions up to 17.0.0.144 (inclusive)
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 8814 | Flash Player < 17.0.0.189 (inferred) Multiple Vulnerabilities (APSB15-06 through 11) | Nessus Network Monitor | Web Clients | high |
| 8812 | Adobe AIR < 17.0.0.172 Multiple Vulnerabilities (APSB15-09) | Nessus Network Monitor | Web Clients | high |
| 8811 | Flash Player < 13.0.0.289 / 17.0.0.188 Multiple Vulnerabilities (APSB15-09) | Nessus Network Monitor | Web Clients | high |
| 8780 | Google Chrome < 42.0.2311.152 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 84161 | Adobe AIR for Mac <= 17.0.0.144 Multiple Vulnerabilities (APSB15-09) | Nessus | MacOS X Local Security Checks | critical |
| 84157 | Adobe AIR <= 17.0.0.144 Multiple Vulnerabilities (APSB15-09) | Nessus | Windows | critical |
| 83911 | GLSA-201505-02 : Adobe Flash Player: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 83559 | openSUSE Security Update : flash-player (openSUSE-2015-372) | Nessus | SuSE Local Security Checks | critical |
| 83486 | SuSE 11.3 Security Update : flash-player (SAT Patch Number 10680) | Nessus | SuSE Local Security Checks | critical |
| 83442 | FreeBSD : Adobe Flash Player -- critical vulnerabilities (e206df57-f97b-11e4-b799-c485083ca99c) | Nessus | FreeBSD Local Security Checks | critical |
| 83431 | RHEL 5 / 6 : flash-plugin (RHSA-2015:1005) | Nessus | Red Hat Local Security Checks | critical |
| 83369 | MS KB3061904: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer | Nessus | Windows | critical |
| 83368 | Google Chrome < 42.0.2311.152 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 83367 | Adobe Flash Player <= 17.0.0.169 Multiple Vulnerabilities (APSB15-09) (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 83366 | Google Chrome < 42.0.2311.152 Multiple Vulnerabilities | Nessus | Windows | critical |
| 83365 | Adobe Flash Player <= 17.0.0.169 Multiple Vulnerabilities (APSB15-09) | Nessus | Windows | critical |