Lucene search

[email protected]CVE-2015-0309

HistoryJan 13, 2015 - 11:59 p.m.

CVE-2015-0309

2015-01-1323:59:07

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-0309

adobe flash player

buffer overflow

security vulnerability

arbitrary code execution

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.173

Percentile

96.1%

JSON

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0304.

Affected configurations

NVD

Node

adobeadobe_airRange≤15.0.0.356android

Node

adobeadobe_air_sdk_and_compilerRange≤15.0.0.356

Node

adobeflash_playerRange≤13.0.0.259

adobeflash_playerMatch14.0.0.125

adobeflash_playerMatch14.0.0.145

adobeflash_playerMatch14.0.0.176

adobeflash_playerMatch14.0.0.179

adobeflash_playerMatch15.0.0.144

adobeflash_playerMatch15.0.0.152

adobeflash_playerMatch15.0.0.167

adobeflash_playerMatch15.0.0.189

adobeflash_playerMatch15.0.0.223

adobeflash_playerMatch15.0.0.238

adobeflash_playerMatch15.0.0.239

adobeflash_playerMatch15.0.0.246

adobeflash_playerMatch16.0.0.234

adobeflash_playerMatch16.0.0.235

AND

applemac_os_x

microsoftwindows

Node

adobeflash_playerMatch11.2.202.425

AND

linuxlinux_kernel

Node

adobeadobe_airRange≤15.0.0.356

AND

applemac_os_x

microsoftwindows

Node

adobeadobe_air_sdkRange≤15.0.0.356

VendorProductVersionCPE
adobeadobe_aircpe:/a:adobe:adobe_air::::

Vendor	Product	Version	CPE
adobe	adobe_air		cpe:/a:adobe:adobe_air::::

References

helpx.adobe.com/security/products/flash-player/apsb15-01.html

secunia.com/advisories/62177

secunia.com/advisories/62187

secunia.com/advisories/62252

secunia.com/advisories/62371

secunia.com/advisories/62740

security.gentoo.org/glsa/glsa-201502-02.xml

www.securityfocus.com/bid/72038

www.securitytracker.com/id/1031525

exchange.xforce.ibmcloud.com/vulnerabilities/99986

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.173

Percentile

96.1%

JSON

Related for CVE-2015-0309

nvd2 ubuntucve2 cvelist2 cve1 prion2 checkpoint_advisories2 nessus15 suse5 archlinux2 redhat1 openvas9 securityvulns1 kaspersky1 freebsd1 mageia1 gentoo1