CVE-2015-8823

EPSS 0.84%
Veröffentlicht 22.04.2016 18:59:00
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle psirt@adobe.com
Teams Watchlist Login
Unerledigt Login

Use-after-free vulnerability in the TextField object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted text property, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454, CVE-2015-8653, CVE-2015-8655, CVE-2015-8821, and CVE-2015-8822.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Adobe ≫ Flash Player SwPlatforminternet_explorer Version <= 19.0.0.245

Microsoft ≫ Windows 8.0
Microsoft ≫ Windows 8.1

Adobe ≫ Air Version <= 19.0.0.241

   Apple ≫ macOS X Version-
   Google ≫ Android Version-
   Microsoft ≫ Windows Version-

Adobe ≫ Flash Player SwEditionesr Version <= 18.0.0.261

Apple ≫ macOS X Version-
Microsoft ≫ Windows Version-

Adobe ≫ Flash Player SwPlatformchrome Version <= 19.0.0.245

   Apple ≫ macOS X Version-
   Google ≫ Chrome Os Version-
   Linux ≫ Linux Kernel Version-
   Microsoft ≫ Windows Version-

Adobe ≫ Flash Player Version <= 11.2.202.548

Linux ≫ Linux Kernel Version-

Adobe ≫ Flash Player SwPlatformedge Version <= 19.0.0.245

Microsoft ≫ Windows 10 Version-

Adobe ≫ Air Sdk Version <= 19.0.0.241

   Apple ≫ iPhone OS Version-
   Apple ≫ macOS X Version-
   Google ≫ Android Version-
   Microsoft ≫ Windows Version-

Adobe ≫ Flash Player Desktop Runtime Version <= 19.0.0.245

Apple ≫ macOS X Version-
Microsoft ≫ Windows Version-

Adobe ≫ Flash Player SwPlatforminternet_explorer Version <= 19.0.0.245

   Microsoft ≫ Windows 10
   Microsoft ≫ Windows 8.0 Version-
   Microsoft ≫ Windows 8.1 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.84%	0.738

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	9.3	8.6	10	AV:N/AC:M/Au:N/C:C/I:C/A:C

CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://helpx.adobe.com/security/products/flash-player/apsb15-32.html

Patch

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-15-665

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2015-8823

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-8823

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-8823

EUVD