Lucene search

[email protected]CVE-2015-6677

HistorySep 22, 2015 - 10:59 a.m.

CVE-2015-6677

2015-09-2210:59:19

CWE-119

[email protected]

web.nvd.nist.gov

cve-2015-6677

adobe flash player

adobe air

arbitrary code execution

denial of service

memory corruption

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.077 Low

EPSS

Percentile

94.2%

JSON

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, and CVE-2015-5588.

Affected configurations

NVD

Node

adobeflash_playerRange≤11.2.202.508

AND

linuxlinux_kernelMatch-

Node

adobeairRange≤18.0.0.199

adobeair_sdkRange≤18.0.0.199

adobeair_sdk_\&_compilerRange≤18.0.0.180

AND

applemac_os_xMatch-

microsoftwindowsMatch-

Node

adobeairRange≤18.0.0.143

AND

googleandroid

Node

adobeflash_playerRange≤13.0.0.289

adobeflash_playerMatch14.0.0.125

adobeflash_playerMatch14.0.0.145

adobeflash_playerMatch14.0.0.176

adobeflash_playerMatch14.0.0.179

adobeflash_playerMatch15.0.0.152

adobeflash_playerMatch15.0.0.167

adobeflash_playerMatch15.0.0.189

adobeflash_playerMatch15.0.0.223

adobeflash_playerMatch15.0.0.239

adobeflash_playerMatch15.0.0.246

adobeflash_playerMatch16.0.0.235

adobeflash_playerMatch16.0.0.257

adobeflash_playerMatch16.0.0.287

adobeflash_playerMatch16.0.0.296

adobeflash_playerMatch17.0.0.134

adobeflash_playerMatch17.0.0.169

adobeflash_playerMatch17.0.0.188

adobeflash_playerMatch17.0.0.190

adobeflash_playerMatch17.0.0.191

adobeflash_playerMatch18.0.0.160

adobeflash_playerMatch18.0.0.194

adobeflash_playerMatch18.0.0.203

adobeflash_playerMatch18.0.0.209

adobeflash_playerMatch18.0.0.232

AND

applemac_os_xMatch-

microsoftwindowsMatch-

CPENameOperatorVersion
adobe:flash_playeradobe flash playerle11.2.202.508

CPE	Name	Operator	Version
adobe:flash_player	adobe flash player	le	11.2.202.508

References

lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html

lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html

lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html

lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html

rhn.redhat.com/errata/RHSA-2015-1814.html

www.securityfocus.com/bid/76799

www.securitytracker.com/id/1033629

h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680

h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

helpx.adobe.com/security/products/flash-player/apsb15-23.html

security.gentoo.org/glsa/201509-07

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

Low

0.077 Low

EPSS

Percentile

94.2%

JSON

Related for CVE-2015-6677

ubuntucve7 nvd7 cve6 prion7 cvelist7 thn1 nessus17 kaspersky2 openvas8 altlinux2 archlinux1 freebsd1 suse4 redhat1 gentoo1 mageia1 checkpoint_advisories5