CVE-2015-4432

2015-07-0916:59:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-4432

buffer overflow

adobe flash player

adobe air

windows

os x

linux

arbitrary code execution

7.7 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.601 Medium

EPSS

Percentile

97.8%

JSON

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3135 and CVE-2015-5118.

CPENameOperatorVersion
adobe:airadobe airle18.0.0.144
adobe:air_sdkadobe air sdkle18.0.0.144
adobe:air_sdk_\&_compileradobe air sdk \& compilerle18.0.0.144
adobe:flash_playeradobe flash playerle11.2.202.468
adobe:flash_playeradobe flash playerle13.0.0.289
adobe:flash_playeradobe flash playereq14.0.0.125
adobe:flash_playeradobe flash playereq14.0.0.145
adobe:flash_playeradobe flash playereq14.0.0.176
adobe:flash_playeradobe flash playereq14.0.0.179
adobe:flash_playeradobe flash playereq15.0.0.152

CPE	Name	Operator	Version
adobe:air	adobe air	le	18.0.0.144
adobe:air_sdk	adobe air sdk	le	18.0.0.144
adobe:air_sdk_\&_compiler	adobe air sdk \& compiler	le	18.0.0.144
adobe:flash_player	adobe flash player	le	11.2.202.468
adobe:flash_player	adobe flash player	le	13.0.0.289
adobe:flash_player	adobe flash player	eq	14.0.0.125
adobe:flash_player	adobe flash player	eq	14.0.0.145
adobe:flash_player	adobe flash player	eq	14.0.0.176
adobe:flash_player	adobe flash player	eq	14.0.0.179
adobe:flash_player	adobe flash player	eq	15.0.0.152