Lucene search

K
cve[email protected]CVE-2015-5576
HistorySep 22, 2015 - 10:59 a.m.

CVE-2015-5576

2015-09-2210:59:08
CWE-200
web.nvd.nist.gov
37
cve-2015-5576
adobe flash player
security vulnerability
aslr bypass
nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.071 Low

EPSS

Percentile

94.0%

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors.

Affected configurations

NVD
Node
adobeairRange18.0.0.199
OR
adobeair_sdkRange18.0.0.199
OR
adobeair_sdk_\&_compilerRange18.0.0.180
AND
applemac_os_x
OR
microsoftwindows
Node
adobeflash_playerRange13.0.0.289
OR
adobeflash_playerMatch14.0.0.125
OR
adobeflash_playerMatch14.0.0.145
OR
adobeflash_playerMatch14.0.0.176
OR
adobeflash_playerMatch14.0.0.179
OR
adobeflash_playerMatch15.0.0.152
OR
adobeflash_playerMatch15.0.0.167
OR
adobeflash_playerMatch15.0.0.189
OR
adobeflash_playerMatch15.0.0.223
OR
adobeflash_playerMatch15.0.0.239
OR
adobeflash_playerMatch15.0.0.246
OR
adobeflash_playerMatch16.0.0.235
OR
adobeflash_playerMatch16.0.0.257
OR
adobeflash_playerMatch16.0.0.287
OR
adobeflash_playerMatch16.0.0.296
OR
adobeflash_playerMatch17.0.0.134
OR
adobeflash_playerMatch17.0.0.169
OR
adobeflash_playerMatch17.0.0.188
OR
adobeflash_playerMatch17.0.0.190
OR
adobeflash_playerMatch17.0.0.191
OR
adobeflash_playerMatch18.0.0.160
OR
adobeflash_playerMatch18.0.0.194
OR
adobeflash_playerMatch18.0.0.203
OR
adobeflash_playerMatch18.0.0.209
OR
adobeflash_playerMatch18.0.0.232
AND
applemac_os_x
OR
microsoftwindows
Node
adobeflash_playerRange11.2.202.508
AND
linuxlinux_kernel
Node
adobeairRange18.0.0.143
AND
googleandroid

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.071 Low

EPSS

Percentile

94.0%