CVE-2015-8643
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
95.5%
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| adobe | flash_player | * | cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* |
| adobe | flash_player | 19.0.0.185 | cpe:2.3:a:adobe:flash_player:19.0.0.185:*:*:*:*:*:*:* |
| adobe | flash_player | 19.0.0.207 | cpe:2.3:a:adobe:flash_player:19.0.0.207:*:*:*:*:*:*:* |
| adobe | flash_player | 19.0.0.226 | cpe:2.3:a:adobe:flash_player:19.0.0.226:*:*:*:*:*:*:* |
| adobe | flash_player | 19.0.0.245 | cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:*:*:* |
| adobe | flash_player | 20.0.0.228 | cpe:2.3:a:adobe:flash_player:20.0.0.228:*:*:*:*:*:*:* |
| adobe | flash_player | 20.0.0.235 | cpe:2.3:a:adobe:flash_player:20.0.0.235:*:*:*:*:*:*:* |
| apple | mac_os_x | * | cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* |
| microsoft | windows | * | cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* |
| linux | linux_kernel | * | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
References
lists.opensuse.org/opensuse-security-announce/2015-12/msg00045.html
lists.opensuse.org/opensuse-security-announce/2015-12/msg00046.html
lists.opensuse.org/opensuse-security-announce/2015-12/msg00047.html
lists.opensuse.org/opensuse-security-announce/2015-12/msg00048.html
rhn.redhat.com/errata/RHSA-2015-2697.html
www.securityfocus.com/bid/79701
www.securitytracker.com/id/1034544
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
helpx.adobe.com/security/products/flash-player/apsb16-01.html
security.gentoo.org/glsa/201601-03
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
95.5%