CVE-2015-5565HIGH
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, and CVE-2015-5564.
References
http://rhn.redhat.com/errata/RHSA-2015-1603.html
http://www.securityfocus.com/bid/76288
http://www.securitytracker.com/id/1033235
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
https://helpx.adobe.com/security/products/flash-player/apsb15-19.html
Details
Source: MITRE
Published: 2015-08-14
Updated: 2018-01-05
Type: NVD-CWE-Other
Risk Information
CVSS v2
Base Score: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 10
Severity: HIGH
Vulnerable Software
Configuration 1
OR
cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:* versions up to 18.0.0.180 (inclusive)
cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:* versions up to 18.0.0.180 (inclusive)
cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:* versions up to 18.0.0.180 (inclusive)
Configuration 2
AND
OR
OR
Configuration 3
AND
OR
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 8885 | Google Chrome OS < 44.0.2403.155 Multiple Vulnerabilities | Nessus Network Monitor | Mobile Devices | critical |
| 8883 | Google Chrome < 44.0.2403.155 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 8857 | Flash Player < 18.0.0.232 Multiple Vulnerabilities (APSB15-19) | Nessus Network Monitor | Web Clients | critical |
| 8848 | Adobe AIR < 18.0.0.199 Multiple Vulnerabilities (APSB15-19) | Nessus Network Monitor | Web Clients | critical |
| 85568 | Google Chrome < 44.0.2403.155 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 85567 | Google Chrome < 44.0.2403.155 Multiple Vulnerabilities | Nessus | Windows | critical |
| 85372 | RHEL 5 / 6 : flash-plugin (RHSA-2015:1603) | Nessus | Red Hat Local Security Checks | critical |
| 85329 | MS KB3087916: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer | Nessus | Windows | critical |
| 85328 | Adobe Flash Player <= 18.0.0.209 Multiple Vulnerabilities (APSB15-19) (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 85327 | Adobe AIR for Mac <= 18.0.0.180 Multiple Vulnerabilities (APSB15-16) | Nessus | MacOS X Local Security Checks | critical |
| 85326 | Adobe Flash Player <= 18.0.0.209 Multiple Vulnerabilities (APSB15-19) | Nessus | Windows | critical |
| 85325 | Adobe AIR <= 18.0.0.180 Multiple Vulnerabilities (APSB15-19) | Nessus | Windows | critical |