10

CVE-2015-3113

Warning

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.

Data is provided by the National Vulnerability Database (NVD)
AdobeFlash Player Version < 13.0.0.296
   ApplemacOS X Version-
   MicrosoftWindows Version-
AdobeFlash Player Version >= 14.0.0.125 < 18.0.0.194
   ApplemacOS X Version-
   MicrosoftWindows Version-
AdobeFlash Player Version < 11.2.202.468
   LinuxLinux Kernel Version-
OpensuseEvergreen Version11.4
OpensuseOpensuse Version13.1
OpensuseOpensuse Version13.2
SuseLinux Enterprise Desktop Version12 Update-
HpInsight Orchestration Version < 7.5.0
HpSystem Management Homepage Version < 7.5.0
HpSystems Insight Manager Version < 7.5
HpVersion Control Agent Version < 7.5.0
RedhatEnterprise Linux Eus Version6.6

13.04.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Adobe Flash Player Heap-Based Buffer Overflow Vulnerability

Vulnerability

Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code.

Description

The impacted product is end-of-life and should be disconnected if still in use.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 92.91% 0.998
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://www.securityfocus.com/bid/75371
Third Party Advisory
Broken Link
VDB Entry
http://www.securitytracker.com/id/1032696
Third Party Advisory
Broken Link
VDB Entry