CVE-2015-0309

EPSS 9.72%
Published 13.01.2015 23:59:07
Last modified 12.04.2025 10:46:40
Source psirt@adobe.com
Teams watchlist Login
Open Login

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0304.

Affected products Warnungen 0 Metrics 2 CWE 1 References 13

Data is provided by the National Vulnerability Database (NVD)

Adobe ≫ Adobe Air SwPlatformandroid Version <= 15.0.0.356

Adobe ≫ Adobe Air Sdk And Compiler Version <= 15.0.0.356

Adobe ≫ Flash Player Version <= 13.0.0.259

Apple ≫ macOS X
Microsoft ≫ Windows

Adobe ≫ Flash Player Version14.0.0.125

Apple ≫ macOS X
Microsoft ≫ Windows

Adobe ≫ Flash Player Version14.0.0.145

Apple ≫ macOS X
Microsoft ≫ Windows

Adobe ≫ Flash Player Version14.0.0.176

Apple ≫ macOS X
Microsoft ≫ Windows

Adobe ≫ Flash Player Version14.0.0.179

Apple ≫ macOS X
Microsoft ≫ Windows

Adobe ≫ Flash Player Version15.0.0.144

Apple ≫ macOS X
Microsoft ≫ Windows

Adobe ≫ Flash Player Version15.0.0.152

Apple ≫ macOS X
Microsoft ≫ Windows

Adobe ≫ Flash Player Version15.0.0.167

Apple ≫ macOS X
Microsoft ≫ Windows

Adobe ≫ Flash Player Version15.0.0.189

Apple ≫ macOS X
Microsoft ≫ Windows

Adobe ≫ Flash Player Version15.0.0.223

Apple ≫ macOS X
Microsoft ≫ Windows

Adobe ≫ Flash Player Version15.0.0.238

Apple ≫ macOS X
Microsoft ≫ Windows

Adobe ≫ Flash Player Version15.0.0.239

Apple ≫ macOS X
Microsoft ≫ Windows

Adobe ≫ Flash Player Version15.0.0.246

Apple ≫ macOS X
Microsoft ≫ Windows

Adobe ≫ Flash Player Version16.0.0.234

Apple ≫ macOS X
Microsoft ≫ Windows

Adobe ≫ Flash Player Version16.0.0.235

Apple ≫ macOS X
Microsoft ≫ Windows

Adobe ≫ Flash Player Version11.2.202.425

Linux ≫ Linux Kernel

Adobe ≫ Adobe Air Version <= 15.0.0.356

Apple ≫ macOS X
Microsoft ≫ Windows

Adobe ≫ Adobe Air Sdk Version <= 15.0.0.356

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	9.72%	0.927

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://helpx.adobe.com/security/products/flash-player/apsb15-01.html

Patch

Vendor Advisory

http://secunia.com/advisories/62177

http://secunia.com/advisories/62187

http://secunia.com/advisories/62252

http://secunia.com/advisories/62371

http://secunia.com/advisories/62740

http://security.gentoo.org/glsa/glsa-201502-02.xml

http://www.securitytracker.com/id/1031525

http://www.securityfocus.com/bid/72038

https://exchange.xforce.ibmcloud.com/vulnerabilities/99986

https://nvd.nist.gov/vuln/detail/CVE-2015-0309

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-0309

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-0309

EUVD