10

CVE-2015-0310

Warning

Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015.

Data is provided by the National Vulnerability Database (NVD)
AdobeFlash Player Version < 11.2.202.438
   LinuxLinux Kernel Version-
AdobeFlash Player Version < 13.0.0.262
   ApplemacOS X Version-
   MicrosoftWindows Version-
AdobeFlash Player Version >= 14.0 < 16.0.0.287
   ApplemacOS X Version-
   MicrosoftWindows Version-

25.05.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Adobe Flash Player ASLR Bypass Vulnerability

Vulnerability

Adobe Flash Player does not properly restrict discovery of memory addresses, which allows attackers to bypass the address space layout randomization (ASLR) protection mechanism.

Description

The impacted product is end-of-life and should be disconnected if still in use.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 40.55% 0.972
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.securityfocus.com/bid/72261
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id/1031609
Third Party Advisory
Broken Link
VDB Entry