Lucene search

[email protected]CVE-2015-3123

HistoryJul 09, 2015 - 4:59 p.m.

CVE-2015-3123

2015-07-0916:59:10

CWE-119

[email protected]

web.nvd.nist.gov

adobe flash player

adobe air

cve-2015-3123

memory corruption

arbitrary code execution

denial of service

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.605 Medium

EPSS

Percentile

97.8%

JSON

Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3117, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, and CVE-2015-4431.

Affected configurations

NVD

Node

adobeflash_playerRange≤11.2.202.468

AND

linuxlinux_kernelMatch-

Node

adobeflash_playerRange≤13.0.0.289

adobeflash_playerMatch14.0.0.125

adobeflash_playerMatch14.0.0.145

adobeflash_playerMatch14.0.0.176

adobeflash_playerMatch14.0.0.179

adobeflash_playerMatch15.0.0.152

adobeflash_playerMatch15.0.0.167

adobeflash_playerMatch15.0.0.189

adobeflash_playerMatch15.0.0.223

adobeflash_playerMatch15.0.0.239

adobeflash_playerMatch15.0.0.246

adobeflash_playerMatch16.0.0.235

adobeflash_playerMatch16.0.0.257

adobeflash_playerMatch16.0.0.287

adobeflash_playerMatch16.0.0.296

adobeflash_playerMatch17.0.0.134

adobeflash_playerMatch17.0.0.169

adobeflash_playerMatch17.0.0.188

adobeflash_playerMatch17.0.0.190

adobeflash_playerMatch18.0.0.160

adobeflash_playerMatch18.0.0.194

AND

applemac_os_xMatch-

microsoftwindowsMatch-

Node

adobeairRange≤18.0.0.144

adobeair_sdkRange≤18.0.0.144

adobeair_sdk_\&_compilerRange≤18.0.0.144

CPENameOperatorVersion
adobe:flash_playeradobe flash playerle11.2.202.468

CPE	Name	Operator	Version
adobe:flash_player	adobe flash player	le	11.2.202.468

References

lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html

lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html

rhn.redhat.com/errata/RHSA-2015-1214.html

www.securityfocus.com/bid/75591

www.securitytracker.com/id/1032810

helpx.adobe.com/security/products/flash-player/apsb15-16.html

security.gentoo.org/glsa/201507-13

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.605 Medium

EPSS

Percentile

97.8%

JSON

Related for CVE-2015-3123

cvelist7 nvd7 cve6 ubuntucve7 prion7 checkpoint_advisories6 redhat1 nessus15 suse2 altlinux2 openvas8 mageia1 gentoo1 kaspersky1 securityvulns1