Lucene search

[email protected]CVE-2015-7643

HistoryOct 15, 2015 - 12:00 a.m.

CVE-2015-7643

2015-10-1500:00:11

[email protected]

web.nvd.nist.gov

cve-2015-7643

adobe flash player

use-after-free vulnerability

arbitrary code execution

security vulnerability

adobe air

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.032

Percentile

91.2%

JSON

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via a Video object with a crafted deblocking property, a different vulnerability than CVE-2015-7629, CVE-2015-7631, and CVE-2015-7644.

Affected configurations

NVD

Node

adobeflash_playerRange≤19.0.0.185

AND

applemac_os_xMatch-

microsoftwindowsMatch-

Node

adobeairRange≤19.0.0.190

AND

googleandroid

Node

adobeflash_playerRange≤11.2.202.521

AND

linuxlinux_kernelMatch-

Node

adobeairRange≤19.0.0.190

adobeair_sdkRange≤19.0.0.190

adobeair_sdk_\&_compilerRange≤19.0.0.190

AND

applemac_os_xMatch-

microsoftwindowsMatch-

VendorProductVersionCPE
adobeflash_playercpe:/a:adobe:flash_player::::

Vendor	Product	Version	CPE
adobe	flash_player		cpe:/a:adobe:flash_player::::

References

lists.opensuse.org/opensuse-security-announce/2015-10/msg00011.html

lists.opensuse.org/opensuse-security-announce/2015-10/msg00012.html

lists.opensuse.org/opensuse-security-announce/2015-10/msg00013.html

lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html

rhn.redhat.com/errata/RHSA-2015-1893.html

rhn.redhat.com/errata/RHSA-2015-2024.html

www.securityfocus.com/bid/77061

www.securitytracker.com/id/1033797

www.zerodayinitiative.com/advisories/ZDI-15-511

helpx.adobe.com/security/products/flash-player/apsb15-25.html

security.gentoo.org/glsa/201511-02

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.032

Percentile

91.2%

JSON

Related for CVE-2015-7643

prion12 nvd12 cve11 ubuntucve12 cvelist12 zdi3 nessus14 suse4 altlinux2 redhat2 freebsd1 openvas8 archlinux1 mageia1 checkpoint_advisories3 kaspersky1 gentoo1