CVE-2015-8658

HIGH

Description

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8656, CVE-2015-8657, and CVE-2015-8820.

References

http://www.securityfocus.com/bid/84160

http://www.zerodayinitiative.com/advisories/ZDI-15-662

https://helpx.adobe.com/security/products/flash-player/apsb15-32.html

Details

Source: MITRE

Published: 2016-03-04

Updated: 2016-11-28

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 8.6

Severity: HIGH

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

View all (8 total)

IDNameProductFamilySeverity
9043Adobe AIR < 20.0.0.204 Multiple Vulnerabilities (APSB15-32)Nessus Network MonitorWeb Clients
high
9040Flash Player < 20.0.0.228 Multiple Vulnerabilities (APSB15-32)Nessus Network MonitorWeb Clients
high
9034Google Chrome < 47.0.2526.80 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
87304RHEL 5 / 6 : flash-plugin (RHSA-2015:2593)NessusRed Hat Local Security Checks
critical
87247Adobe Flash Player for Mac <= 19.0.0.245 Multiple Vulnerabilities (APSB15-32)NessusMacOS X Local Security Checks
critical
87246Adobe AIR for Mac <= 19.0.0.241 Multiple Vulnerabilities (APSB15-32)NessusMacOS X Local Security Checks
critical
87244Adobe Flash Player <= 19.0.0.245 Multiple Vulnerabilities (APSB15-32)NessusWindows
critical
87243Adobe AIR <= 19.0.0.241 Multiple Vulnerabilities (APSB15-32)NessusWindows
critical