CVE-2015-3107

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3103 and CVE-2015-3106.

References

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00009.html

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html

http://rhn.redhat.com/errata/RHSA-2015-1086.html

http://www.securityfocus.com/bid/75087

http://www.securitytracker.com/id/1032519

https://helpx.adobe.com/security/products/flash-player/apsb15-11.html

https://security.gentoo.org/glsa/201506-01

https://security.gentoo.org/glsa/201508-01

https://www.exploit-db.com/exploits/37850/

Details

Source: MITRE

Published: 2015-06-10

Updated: 2017-09-17

Type: CWE-416

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*

OR

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*

Configuration 3

AND

OR

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:17.0.0.188:*:*:*:*:*:*:*

OR

cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 4

AND

OR

cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*

cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*

cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*

OR

cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 5

AND

OR

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

OR

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Tenable Plugins

View all (33 total)

IDNameProductFamilySeverity
8883Google Chrome < 44.0.2403.155 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
86089GLSA-201508-01 : Adobe Flash Player: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
8857Flash Player < 18.0.0.232 Multiple Vulnerabilities (APSB15-19)Nessus Network MonitorWeb Clients
critical
8848Adobe AIR < 18.0.0.199 Multiple Vulnerabilities (APSB15-19)Nessus Network MonitorWeb Clients
critical
85568Google Chrome < 44.0.2403.155 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
85567Google Chrome < 44.0.2403.155 Multiple VulnerabilitiesNessusWindows
critical
85435openSUSE Security Update : flash-player (openSUSE-2015-546)NessusSuSE Local Security Checks
critical
85434openSUSE Security Update : flash-player (openSUSE-2015-545)NessusSuSE Local Security Checks
critical
85378SUSE SLED12 Security Update : flash-player (SUSE-SU-2015:1374-1)NessusSuSE Local Security Checks
critical
85377SUSE SLED11 Security Update : flash-player (SUSE-SU-2015:1373-1)NessusSuSE Local Security Checks
critical
85370FreeBSD : Adobe Flash Player -- critical vulnerabilities (f3778328-d288-4b39-86a4-65877331eaf7)NessusFreeBSD Local Security Checks
critical
85329MS KB3087916: Update for Vulnerabilities in Adobe Flash Player in Internet ExplorerNessusWindows
critical
85328Adobe Flash Player <= 18.0.0.209 Multiple Vulnerabilities (APSB15-19) (Mac OS X)NessusMacOS X Local Security Checks
critical
85327Adobe AIR for Mac <= 18.0.0.180 Multiple Vulnerabilities (APSB15-16)NessusMacOS X Local Security Checks
critical
85326Adobe Flash Player <= 18.0.0.209 Multiple Vulnerabilities (APSB15-19)NessusWindows
critical
85325Adobe AIR <= 18.0.0.180 Multiple Vulnerabilities (APSB15-19)NessusWindows
critical
8835Adobe AIR < 18.0.0.144 Multiple Vulnerabilities (APSB15-11)Nessus Network MonitorWeb Clients
high
8814Flash Player < 17.0.0.189 (inferred) Multiple Vulnerabilities (APSB15-06 through 11) Nessus Network MonitorWeb Clients
high
8813Flash Player < 13.0.0.292 / 18.0.0.160 Multiple Vulnerabilities (APSB15-11)Nessus Network MonitorWeb Clients
high
84315GLSA-201506-01 : Adobe Flash Player: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
8783Google Chrome < 43.0.2357.124 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
84207SUSE SLED11 Security Update : flash-player (SUSE-SU-2015:1064-1)NessusSuSE Local Security Checks
critical
84162Adobe AIR for Mac <= 17.0.0.172 Multiple Vulnerabilities (APSB15-11)NessusMacOS X Local Security Checks
critical
84158Adobe AIR <= 17.0.0.172 Multiple Vulnerabilities (APSB15-11)NessusWindows
critical
84147SUSE SLED12 Security Update : flash-player (SUSE-SU-2015:1043-1)NessusSuSE Local Security Checks
critical
84135openSUSE Security Update : Adobe Flash Player (openSUSE-2015-412)NessusSuSE Local Security Checks
critical
84132FreeBSD : Adobe Flash Player -- critical vulnerabilities (1e63db88-1050-11e5-a4df-c485083ca99c)NessusFreeBSD Local Security Checks
critical
84111RHEL 5 / 6 : flash-plugin (RHSA-2015:1086)NessusRed Hat Local Security Checks
critical
84052MS KB3065820: Update for Vulnerabilities in Adobe Flash Player in Internet ExplorerNessusWindows
critical
84051Google Chrome < 43.0.2357.124 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
84050Adobe Flash Player <= 17.0.0.188 Multiple Vulnerabilities (APSB15-11) (Mac OS X)NessusMacOS X Local Security Checks
critical
84049Google Chrome < 43.0.2357.124 Multiple VulnerabilitiesNessusWindows
critical
84048Adobe Flash Player <= 17.0.0.188 Multiple Vulnerabilities (APSB15-11)NessusWindows
critical