CVE-2015-3097

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160, Adobe AIR before 18.0.0.144, Adobe AIR SDK before 18.0.0.144, and Adobe AIR SDK & Compiler before 18.0.0.144 on 64-bit Windows 7 systems do not properly select a random memory address for the Flash heap, which makes it easier for attackers to conduct unspecified attacks by predicting this address.

References

http://www.securityfocus.com/bid/75090

http://www.securitytracker.com/id/1032519

http://www.securitytracker.com/id/1032810

https://helpx.adobe.com/security/products/flash-player/apsb15-11.html

https://helpx.adobe.com/security/products/flash-player/apsb15-16.html

https://security.gentoo.org/glsa/201506-01

Details

Source: MITRE

Published: 2015-06-10

Updated: 2017-09-22

Type: CWE-200

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*

cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*

cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:17.0.0.188:*:*:*:*:*:*:*

OR

cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:x64:*

Tenable Plugins

View all (21 total)

IDNameProductFamilySeverity
8886Google Chrome OS < 43.0.2357.132 Multiple VulnerabilitiesNessus Network MonitorMobile Devices
critical
8881Google Chrome < 43.0.2357.132 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
8858Adobe AIR < 18.0.0.180 Multiple Vulnerabilities (APSB15-16)Nessus Network MonitorWeb Clients
high
8835Adobe AIR < 18.0.0.144 Multiple Vulnerabilities (APSB15-11)Nessus Network MonitorWeb Clients
high
8821Flash Player < 13.0.0.302 / 18.0.0.203 Multiple Vulnerabilities (APSB15-16)Nessus Network MonitorWeb Clients
high
8814Flash Player < 17.0.0.189 (inferred) Multiple Vulnerabilities (APSB15-06 through 11) Nessus Network MonitorWeb Clients
high
8813Flash Player < 13.0.0.292 / 18.0.0.160 Multiple Vulnerabilities (APSB15-11)Nessus Network MonitorWeb Clients
high
84668Google Chrome < 43.0.2357.132 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
84667Google Chrome < 43.0.2357.132 Multiple VulnerabilitiesNessusWindows
critical
84645MS KB3065823: Update for Vulnerabilities in Adobe Flash Player in Internet ExplorerNessusWindows
critical
84644Adobe Flash Player <= 18.0.0.194 Multiple Vulnerabilities (APSB15-16) (Mac OS X)NessusMacOS X Local Security Checks
critical
84643Adobe AIR for Mac <= 18.0.0.144 Multiple Vulnerabilities (APSB15-16)NessusMacOS X Local Security Checks
critical
84642Adobe Flash Player <= 18.0.0.194 Multiple Vulnerabilities (APSB15-16)NessusWindows
critical
84641Adobe AIR <= 18.0.0.144 Multiple Vulnerabilities (APSB15-16)NessusWindows
critical
84315GLSA-201506-01 : Adobe Flash Player: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
8783Google Chrome < 43.0.2357.124 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
84158Adobe AIR <= 17.0.0.172 Multiple Vulnerabilities (APSB15-11)NessusWindows
critical
84132FreeBSD : Adobe Flash Player -- critical vulnerabilities (1e63db88-1050-11e5-a4df-c485083ca99c)NessusFreeBSD Local Security Checks
critical
84052MS KB3065820: Update for Vulnerabilities in Adobe Flash Player in Internet ExplorerNessusWindows
critical
84049Google Chrome < 43.0.2357.124 Multiple VulnerabilitiesNessusWindows
critical
84048Adobe Flash Player <= 17.0.0.188 Multiple Vulnerabilities (APSB15-11)NessusWindows
critical