Vulnerability CVE-2015-3091


Published: 2015-05-13

Description:
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-3092.

Vendor: Adobe
Product: Flash player 
Version:
17.0.0.169
17.0.0.134
16.0.0.296
16.0.0.287
16.0.0.257
16.0.0.235
15.0.0.246
15.0.0.239
15.0.0.223
15.0.0.189
15.0.0.167
15.0.0.152
14.0.0.179
14.0.0.176
14.0.0.145
14.0.0.125
13.0.0.264
11.2.202.475
Product: Adobe air 
Version: 17.0.0.144;
Product: Air sdk 
Version: 17.0.0.144;
Product: Air sdk & compiler 
Version: 17.0.0.144;
Product: AIR 
Version: 17.0.0.144;
Product: Adobe air sdk 
Version: 17.0.0.144;

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html
http://rhn.redhat.com/errata/RHSA-2015-1005.html
http://www.securityfocus.com/bid/74617
http://www.securitytracker.com/id/1032285
https://helpx.adobe.com/security/products/flash-player/apsb15-09.html
https://security.gentoo.org/glsa/201505-02

Related CVE
CVE-2019-8076
Adobe application manager installer version 10.0 have an Insecure Library Loading (DLL hijacking) vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
CVE-2019-8070
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Use after free vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
CVE-2019-8069
Adobe Flash Player 32.0.0.238 and earlier versions, 32.0.0.207 and earlier versions have a Same Origin Method Execution vulnerability. Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.
CVE-2019-8001
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-8000
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.
CVE-2019-7999
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound read vulnerability. Successful exploitation could lead to memory leak.
CVE-2019-7998
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-7997
Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have an out of bound write vulnerability. Successful exploitation could lead to arbitrary code execution.

Copyright 2019, cxsecurity.com

 

Back to Top