CVE-2015-8439HIGH
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
The SharedObject object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code by leveraging an unspecified "type confusion" during a getRemote call, a different vulnerability than CVE-2015-8456.
References
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.html
http://www.securityfocus.com/bid/78714
http://www.securitytracker.com/id/1034318
http://zerodayinitiative.com/advisories/ZDI-15-606
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
https://helpx.adobe.com/security/products/flash-player/apsb15-32.html
Details
Source: MITRE
Published: 2015-12-10
Updated: 2017-02-17
Type: NVD-CWE-Other
Risk Information
CVSS v2
Base Score: 9.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Impact Score: 10
Exploitability Score: 8.6
Severity: HIGH
Vulnerable Software
Configuration 1
AND
OR
OR
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Configuration 2
AND
OR
OR
Configuration 3
AND
OR
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:19.0.0.185:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:19.0.0.207:*:*:*:*:*:*:*
OR
Configuration 4
AND
OR
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 88392 | GLSA-201601-03 : Adobe Flash Player: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | critical |
| 9043 | Adobe AIR < 20.0.0.204 Multiple Vulnerabilities (APSB15-32) | Nessus Network Monitor | Web Clients | critical |
| 9040 | Flash Player < 20.0.0.228 Multiple Vulnerabilities (APSB15-32) | Nessus Network Monitor | Web Clients | critical |
| 87714 | openSUSE Security Update : flash-player (openSUSE-2015-882) | Nessus | SuSE Local Security Checks | critical |
| 9034 | Google Chrome < 47.0.2526.80 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high |
| 87319 | SUSE SLED12 Security Update : flash-player (SUSE-SU-2015:2247-1) | Nessus | SuSE Local Security Checks | critical |
| 87317 | SUSE SLED11 Security Update : flash-player (SUSE-SU-2015:2236-1) | Nessus | SuSE Local Security Checks | critical |
| 87304 | RHEL 5 / 6 : flash-plugin (RHSA-2015:2593) | Nessus | Red Hat Local Security Checks | high |
| 87270 | FreeBSD : flash -- multiple vulnerabilities (c8842a84-9ddd-11e5-8c2f-c485083ca99c) | Nessus | FreeBSD Local Security Checks | critical |
| 87249 | MS KB3119147: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge | Nessus | Windows | critical |
| 87248 | Google Chrome < 47.0.2526.80 Multiple Vulnerabilities (Mac OS X) | Nessus | MacOS X Local Security Checks | critical |
| 87247 | Adobe Flash Player for Mac <= 19.0.0.245 Multiple Vulnerabilities (APSB15-32) | Nessus | MacOS X Local Security Checks | critical |
| 87246 | Adobe AIR for Mac <= 19.0.0.241 Multiple Vulnerabilities (APSB15-32) | Nessus | MacOS X Local Security Checks | critical |
| 87245 | Google Chrome < 47.0.2526.80 Multiple Vulnerabilities | Nessus | Windows | critical |
| 87244 | Adobe Flash Player <= 19.0.0.245 Multiple Vulnerabilities (APSB15-32) | Nessus | Windows | critical |
| 87243 | Adobe AIR <= 19.0.0.241 Multiple Vulnerabilities (APSB15-32) | Nessus | Windows | critical |