CVE-2015-8651

Warning

EPSS 89.78%
Published 28.12.2015 23:59:19
Last modified 12.04.2025 10:46:40
Source psirt@adobe.com
Teams watchlist Login
Open Login

Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors.

Affected products Warnungen 1 Metrics 4 CWE 1 References 15

Data is provided by the National Vulnerability Database (NVD)

Adobe ≫ Air Sdk Version < 20.0.0.233

   Apple ≫ iPhone OS
   Apple ≫ macOS X
   Google ≫ Android
   Microsoft ≫ Windows

Adobe ≫ Flash Player Version < 11.2.202.559

Linux ≫ Linux Kernel

Adobe ≫ Air Version < 20.0.0.233

   Apple ≫ macOS X
   Google ≫ Android
   Microsoft ≫ Windows

Adobe ≫ Flash Player Version < 18.0.0.324

Apple ≫ macOS X
Microsoft ≫ Windows

Adobe ≫ Flash Player Version >= 19.0.0.185 < 20.0.0.267

Apple ≫ macOS X
Microsoft ≫ Windows

Redhat ≫ Enterprise Linux Desktop Version5.0

Redhat ≫ Enterprise Linux Desktop Version6.0

Redhat ≫ Enterprise Linux Server Version5.0

Redhat ≫ Enterprise Linux Server Version6.0

Redhat ≫ Enterprise Linux Workstation Version5.0

Redhat ≫ Enterprise Linux Workstation Version6.0

Opensuse ≫ Evergreen Version11.4

Opensuse ≫ Opensuse Version13.1

Opensuse ≫ Opensuse Version13.2

Suse ≫ Linux Enterprise Desktop Version11 Updatesp3

Suse ≫ Linux Enterprise Desktop Version11 Updatesp4

Suse ≫ Linux Enterprise Desktop Version12 Update-

Suse ≫ Linux Enterprise Desktop Version12 Updatesp1

Suse ≫ Linux Enterprise Workstation Extension Version12 Update-

Suse ≫ Linux Enterprise Workstation Extension Version12 Updatesp1

Hp ≫ Insight Control Version < 7.6

Hp ≫ Insight Control Server Provisioning Version < 7.6

Hp ≫ Matrix Operating Environment Version7.6

Hp ≫ System Management Homepage Version < 7.6

Hp ≫ Systems Insight Manager Version < 7.6

Hp ≫ Version Control Repository Manager Version < 7.6

25.05.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Adobe Flash Player Integer Overflow Vulnerability

Vulnerability

Integer overflow in Adobe Flash Player allows attackers to execute code.

Description

The impacted product is end-of-life and should be disconnected if still in use.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	89.78%	0.995

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

Third Party Advisory

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388

Third Party Advisory

https://security.gentoo.org/glsa/201601-03

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00045.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00046.html