CVE-2015-3102

2015-06-1001:59:00

CWE-200

[email protected]

web.nvd.nist.gov

cve-2015-3102

adobe flash player

same origin policy

remote attackers

security vulnerability

nvd

os x

windows

linux

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

75.9%

JSON

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3098 and CVE-2015-3099.

CPENameOperatorVersion
adobe:airadobe airle17.0.0.144
google:androidgoogle androideq*
adobe:airadobe airle17.0.0.172
adobe:air_sdkadobe air sdkle17.0.0.172
adobe:air_sdk_\&_compileradobe air sdk \& compilerle17.0.0.172
adobe:flash_playeradobe flash playerle11.2.202.460
adobe:flash_playeradobe flash playerle13.0.0.289
adobe:flash_playeradobe flash playereq14.0.0.125
adobe:flash_playeradobe flash playereq14.0.0.145
adobe:flash_playeradobe flash playereq14.0.0.176

CPE	Name	Operator	Version
adobe:air	adobe air	le	17.0.0.144
google:android	google android	eq	*
adobe:air	adobe air	le	17.0.0.172
adobe:air_sdk	adobe air sdk	le	17.0.0.172
adobe:air_sdk_\&_compiler	adobe air sdk \& compiler	le	17.0.0.172
adobe:flash_player	adobe flash player	le	11.2.202.460
adobe:flash_player	adobe flash player	le	13.0.0.289
adobe:flash_player	adobe flash player	eq	14.0.0.125
adobe:flash_player	adobe flash player	eq	14.0.0.145
adobe:flash_player	adobe flash player	eq	14.0.0.176