CVE-2015-8460

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8459, CVE-2015-8636, and CVE-2015-8645.

References

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00045.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00046.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00047.html

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00048.html

http://rhn.redhat.com/errata/RHSA-2015-2697.html

http://www.securityfocus.com/bid/79700

http://www.securitytracker.com/id/1034544

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

https://helpx.adobe.com/security/products/flash-player/apsb16-01.html

https://security.gentoo.org/glsa/201601-03

Details

Source: MITRE

Published: 2015-12-28

Updated: 2017-02-17

Type: CWE-119

Risk Information

CVSS v2

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

View all (14 total)

IDNameProductFamilySeverity
88392GLSA-201601-03 : Adobe Flash Player: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
9045Google Chrome < 47.0.2526.106 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
9044Adobe AIR < 20.0.0.233 Multiple Vulnerabilities (APSB16-01)Nessus Network MonitorWeb Clients
critical
9041Flash Player < 20.0.0.267 Multiple Vulnerabilities (APSB16-01)Nessus Network MonitorWeb Clients
critical
87724SUSE SLED11 Security Update : flash-player (SUSE-SU-2015:2402-1)NessusSuSE Local Security Checks
critical
87723SUSE SLED12 Security Update : flash-player (SUSE-SU-2015:2401-1)NessusSuSE Local Security Checks
critical
87715openSUSE Security Update : flash-player (openSUSE-2015-975)NessusSuSE Local Security Checks
critical
87671MS KB3132372: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft EdgeNessusWindows
critical
87665RHEL 5 / 6 : flash-plugin (RHSA-2015:2697)NessusRed Hat Local Security Checks
critical
87661FreeBSD : flash -- multiple vulnerabilities (84c7ea88-bf04-4bdc-973b-36744bf540ab)NessusFreeBSD Local Security Checks
critical
87659Adobe Flash Player for Mac <= 20.0.0.235 Multiple Vulnerabilities (APSB16-01)NessusMacOS X Local Security Checks
critical
87658Adobe AIR for Mac <= 20.0.0.204 Multiple Vulnerabilities (APSB16-01)NessusMacOS X Local Security Checks
critical
87657Adobe Flash Player <= 20.0.0.235 Multiple Vulnerabilities (APSB16-01)NessusWindows
critical
87656Adobe AIR <= 20.0.0.204 Multiple Vulnerabilities (APSB16-01)NessusWindows
critical