Vulnerability CVE-2015-3090


Published: 2015-05-13

Description:
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3078, CVE-2015-3089, and CVE-2015-3093.

See advisories in our WLB2 database:
Topic
Author
Date
High
Adobe Flash Player ShaderJob Buffer Overflow
Juan vazquez
20.06.2015

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

Vendor: Adobe
Product: Flash player 
Version:
17.0.0.169
17.0.0.134
16.0.0.296
16.0.0.287
16.0.0.257
16.0.0.235
15.0.0.246
15.0.0.239
15.0.0.223
15.0.0.189
15.0.0.167
15.0.0.152
14.0.0.179
14.0.0.176
14.0.0.145
14.0.0.125
13.0.0.264
11.2.202.475
Product: Adobe air 
Version: 17.0.0.144;
Product: Air sdk 
Version: 17.0.0.144;
Product: Air sdk & compiler 
Version: 17.0.0.144;
Product: AIR 
Version: 17.0.0.144;
Product: Adobe air sdk 
Version: 17.0.0.144;

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html
http://rhn.redhat.com/errata/RHSA-2015-1005.html
http://www.securityfocus.com/bid/74605
http://www.securitytracker.com/id/1032285
https://helpx.adobe.com/security/products/flash-player/apsb15-09.html
https://security.gentoo.org/glsa/201505-02

Related CVE
CVE-2018-15965
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2018-15964
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to information disclosure.
CVE-2018-15963
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary folder creation.
CVE-2018-15962
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a directory listing vulnerability. Successful exploitation could lead to information disclosure.
CVE-2018-15961
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2018-15960
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitation could lead to arbitrary file overwrite.
CVE-2018-15959
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2018-15958
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.

Copyright 2018, cxsecurity.com

 

Back to Top