CVE-2015-3043

Warning

Exploit

EPSS 86.51%
Published 14.04.2015 22:59:21
Last modified 12.04.2025 10:46:40
Source psirt@adobe.com
Teams watchlist Login
Open Login

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042.

Affected products Warnungen 1 Metrics 4 CWE 1 References 13

Data is provided by the National Vulnerability Database (NVD)

Adobe ≫ Flash Player Version < 11.2.202.457

Linux ≫ Linux Kernel Version-

Adobe ≫ Flash Player Version < 13.0.0.281

Apple ≫ macOS X Version-
Microsoft ≫ Windows Version-

Adobe ≫ Flash Player Version >= 14.0.0.125 < 17.0.0.169

Apple ≫ macOS X Version-
Microsoft ≫ Windows Version-

Novell ≫ Suse Linux Enterprise Desktop Version11.0 Updatesp3

Novell ≫ Suse Linux Enterprise Desktop Version12.0

Novell ≫ Suse Linux Enterprise Workstation Extension Version12.0

Opensuse ≫ Evergreen Version11.4

Opensuse ≫ Opensuse Version13.1

Opensuse ≫ Opensuse Version13.2

Redhat ≫ Enterprise Linux Desktop Version5.0

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Eus Version6.6

Redhat ≫ Enterprise Linux Server Version5.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Server Aus Version6.6

Redhat ≫ Enterprise Linux Server From Rhui Version5.0

Redhat ≫ Enterprise Linux Server From Rhui Version6.0

Redhat ≫ Enterprise Linux Workstation Version5.0

Redhat ≫ Enterprise Linux Workstation Version6.0

03.03.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Adobe Flash Player Memory Corruption Vulnerability

Vulnerability

A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution.

Description

The impacted product is end-of-life and should be disconnected if still in use.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	86.51%	0.994

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H