Lucene search

[email protected]CVE-2015-3113

HistoryJun 23, 2015 - 9:59 p.m.

CVE-2015-3113

2015-06-2321:59:01

CWE-787

[email protected]

web.nvd.nist.gov

879

In Wild

cve-2015-3113

buffer overflow

adobe flash player

remote code execution

nvd

security vulnerability

exploit

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

Low

0.535 Medium

EPSS

Percentile

97.6%

JSON

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.

Affected configurations

NVD

Node

adobeflash_playerRange<13.0.0.296

adobeflash_playerRange14.0.0.125–18.0.0.194

AND

applemac_os_xMatch-

microsoftwindowsMatch-

Node

adobeflash_playerRange<11.2.202.468

AND

linuxlinux_kernelMatch-

Node

opensuseevergreenMatch11.4

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

suselinux_enterprise_desktopMatch12-

suselinux_enterprise_workstation_extensionMatch12-

Node

hpinsight_orchestrationRange<7.5.0

hpsystem_management_homepageRange<7.5.0

hpsystems_insight_managerRange<7.5

hpversion_control_agentRange<7.5.0

hpversion_control_repository_managerRange<7.5.0

hpversion_control_repository_managerMatch7.6

hpvirtual_connect_enterprise_managerRange<7.5.0

Node

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_eusMatch6.6

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_workstationMatch6.0

CPENameOperatorVersion
adobe:flash_playeradobe flash playerlt13.0.0.296
adobe:flash_playeradobe flash playerlt18.0.0.194

CPE	Name	Operator	Version
adobe:flash_player	adobe flash player	lt	13.0.0.296
adobe:flash_player	adobe flash player	lt	18.0.0.194

References

lists.opensuse.org/opensuse-security-announce/2015-06/msg00020.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00025.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00002.html

marc.info/?l=bugtraq&m=144050155601375&w=2

rhn.redhat.com/errata/RHSA-2015-1184.html

www.securityfocus.com/bid/75371

www.securitytracker.com/id/1032696

bugzilla.redhat.com/show_bug.cgi?id=1235036

bugzilla.suse.com/show_bug.cgi?id=935701

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467

helpx.adobe.com/security/products/flash-player/apsb15-14.html

security.gentoo.org/glsa/201507-13

www.suse.com/security/cve/CVE-2015-3113.html

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

Low

0.535 Medium

EPSS

Percentile

97.6%

JSON

CVE-2015-3113

Affected configurations

References

Related