Lucene search

AdobeCVE-2015-7660

HistoryNov 11, 2015 - 12:59 p.m.

CVE-2015-7660

2015-11-1112:59:58

adobe

web.nvd.nist.gov

cve-2015-7660

adobe flash player

use-after-free vulnerability

arbitrary code execution

adobe air

setmask arguments

security vulnerability

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.906

Percentile

98.9%

JSON

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted setMask arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.

Affected configurations

Nvd

Node

adobeair_sdkRange≤19.0.0.213

adobeair_sdk_\&_compilerRange≤19.0.0.213

AND

appleiphone_os

applemac_os_xMatch-

googleandroid

microsoftwindowsMatch-

Node

adobeairRange≤19.0.0.213

AND

applemac_os_xMatch-

microsoftwindowsMatch-

Node

adobeflash_playerRange≤18.0.0.255

adobeflash_playerMatch19.0.0.185

adobeflash_playerMatch19.0.0.207

adobeflash_playerMatch19.0.0.226

AND

applemac_os_xMatch-

microsoftwindowsMatch-

Node

adobeflash_playerRange≤11.2.202.540

AND

linuxlinux_kernelMatch-

Node

adobeairRange≤19.0.0.190

AND

googleandroid

VendorProductVersionCPE
adobeair_sdk*cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*
adobeair_sdk_\&_compiler*cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
applemac_os_x-cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
googleandroid*cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
adobeair*cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*
adobeflash_player*cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
adobeflash_player19.0.0.185cpe:2.3:a:adobe:flash_player:19.0.0.185:*:*:*:*:*:*:*
adobeflash_player19.0.0.207cpe:2.3:a:adobe:flash_player:19.0.0.207:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
adobe	air_sdk	*	cpe:2.3:a:adobe:air_sdk::::::::
adobe	air_sdk_\&_compiler	*	cpe:2.3:a:adobe:air_sdk_\&_compiler::::::::
apple	iphone_os	*	cpe:2.3:o:apple:iphone_os::::::::
apple	mac_os_x	-	cpe:2.3:o:apple:mac_os_x:-:::::::*
google	android	*	cpe:2.3:o:google:android::::::::
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
adobe	air	*	cpe:2.3:a:adobe:air::::::::
adobe	flash_player	*	cpe:2.3:a:adobe:flash_player::::::::
adobe	flash_player	19.0.0.185	cpe:2.3:a:adobe:flash_player:19.0.0.185:::::::*
adobe	flash_player	19.0.0.207	cpe:2.3:a:adobe:flash_player:19.0.0.207:::::::*