Lucene search

[email protected]CVE-2015-3104

HistoryJun 10, 2015 - 1:59 a.m.

CVE-2015-3104

2015-06-1001:59:46

CWE-189

[email protected]

web.nvd.nist.gov

cve-2015-3104

adobe flash player

integer overflow

arbitrary code execution

security vulnerability

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.5%

JSON

Integer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors.

Affected configurations

NVD

Node

adobeairRange≤17.0.0.144

AND

googleandroid

Node

adobeairRange≤17.0.0.172

adobeair_sdkRange≤17.0.0.172

adobeair_sdk_\&_compilerRange≤17.0.0.172

AND

applemac_os_xMatch-

microsoftwindowsMatch-

Node

adobeflash_playerRange≤11.2.202.460

AND

linuxlinux_kernelMatch-

Node

adobeflash_playerRange≤13.0.0.289

adobeflash_playerMatch14.0.0.125

adobeflash_playerMatch14.0.0.145

adobeflash_playerMatch14.0.0.176

adobeflash_playerMatch14.0.0.179

adobeflash_playerMatch15.0.0.152

adobeflash_playerMatch15.0.0.167

adobeflash_playerMatch15.0.0.189

adobeflash_playerMatch15.0.0.223

adobeflash_playerMatch15.0.0.239

adobeflash_playerMatch15.0.0.246

adobeflash_playerMatch16.0.0.235

adobeflash_playerMatch16.0.0.257

adobeflash_playerMatch16.0.0.287

adobeflash_playerMatch16.0.0.296

adobeflash_playerMatch17.0.0.134

adobeflash_playerMatch17.0.0.169

adobeflash_playerMatch17.0.0.188

AND

applemac_os_xMatch-

microsoftwindowsMatch-

CPENameOperatorVersion
adobe:airadobe airle17.0.0.144
google:androidgoogle androideq*

CPE	Name	Operator	Version
adobe:air	adobe air	le	17.0.0.144
google:android	google android	eq	*

References

lists.opensuse.org/opensuse-security-announce/2015-06/msg00005.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00009.html

lists.opensuse.org/opensuse-security-announce/2015-06/msg00011.html

rhn.redhat.com/errata/RHSA-2015-1086.html

www.securityfocus.com/bid/75081

www.securitytracker.com/id/1032519

helpx.adobe.com/security/products/flash-player/apsb15-11.html

security.gentoo.org/glsa/201506-01

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.5%

JSON

Related for CVE-2015-3104

exploitdb1 checkpoint_advisories1 prion1 cvelist1 nvd1 ubuntucve1 redhat1 nessus17 openvas8 suse3 kaspersky2 altlinux2 gentoo1 mageia1 freebsd1