Vulnerability CVE-2015-0311
Published: 2015-01-23   Modified: 2015-01-24

Description:
Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.

See advisories in our WLB2 database:
Topic
Author
Date
High
Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free
Juan vazquez
12.03.2015

Type:

CWE-noinfo

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Adobe -> Flash player 

 References:
http://helpx.adobe.com/security/products/flash-player/apsa15-01.html
https://technet.microsoft.com/library/security/2755801
http://www.securitytracker.com/id/1031597
http://www.securityfocus.com/bid/72283
http://security.gentoo.org/glsa/glsa-201502-02.xml
http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00031.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00027.html
http://helpx.adobe.com/security/products/flash-player/apsb15-03.html
Copyright 2024, cxsecurity.com

 

Back to Top