CVE-2015-0303

2015-01-1323:59:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

adobe flash player

adobe air

arbitrary code execution

denial of service

cve-2015-0303

7.5 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.026 Low

EPSS

Percentile

90.1%

JSON

Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0306.

CPENameOperatorVersion
adobe:adobe_airadobe adobe airle15.0.0.356
adobe:adobe_air_sdkadobe adobe air sdkle15.0.0.356
adobe:flash_playeradobe flash playereq11.2.202.425
adobe:flash_playeradobe flash playerle13.0.0.259
adobe:flash_playeradobe flash playereq14.0.0.125
adobe:flash_playeradobe flash playereq14.0.0.145
adobe:flash_playeradobe flash playereq14.0.0.176
adobe:flash_playeradobe flash playereq14.0.0.179
adobe:flash_playeradobe flash playereq15.0.0.144
adobe:flash_playeradobe flash playereq15.0.0.152

CPE	Name	Operator	Version
adobe:adobe_air	adobe adobe air	le	15.0.0.356
adobe:adobe_air_sdk	adobe adobe air sdk	le	15.0.0.356
adobe:flash_player	adobe flash player	eq	11.2.202.425
adobe:flash_player	adobe flash player	le	13.0.0.259
adobe:flash_player	adobe flash player	eq	14.0.0.125
adobe:flash_player	adobe flash player	eq	14.0.0.145
adobe:flash_player	adobe flash player	eq	14.0.0.176
adobe:flash_player	adobe flash player	eq	14.0.0.179
adobe:flash_player	adobe flash player	eq	15.0.0.144
adobe:flash_player	adobe flash player	eq	15.0.0.152