CVE-2015-8446

2015-12-1006:00:00

CWE-119

[email protected]

web.nvd.nist.gov

cve

2015-8446

adobe flash player

buffer overflow

security vulnerability

windows

os x

linux

adobe air

mp3

comm tags

memory allocation

arbitrary code

9.3 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.929 High

EPSS

Percentile

99.0%

JSON

Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via an MP3 file with COMM tags that are mishandled during memory allocation, a different vulnerability than CVE-2015-8438.

CPENameOperatorVersion
adobe:flash_playeradobe flash playerle11.2.202.548
adobe:flash_playeradobe flash playerle18.0.0.261
adobe:flash_playeradobe flash playereq19.0.0.185
adobe:flash_playeradobe flash playereq19.0.0.207
adobe:flash_playeradobe flash playereq19.0.0.226
adobe:flash_playeradobe flash playereq19.0.0.245
adobe:airadobe airle19.0.0.241
adobe:air_sdkadobe air sdkle19.0.0.241
adobe:air_sdk_\&_compileradobe air sdk \& compilerle19.0.0.241

CPE	Name	Operator	Version
adobe:flash_player	adobe flash player	le	11.2.202.548
adobe:flash_player	adobe flash player	le	18.0.0.261
adobe:flash_player	adobe flash player	eq	19.0.0.185
adobe:flash_player	adobe flash player	eq	19.0.0.207
adobe:flash_player	adobe flash player	eq	19.0.0.226
adobe:flash_player	adobe flash player	eq	19.0.0.245
adobe:air	adobe air	le	19.0.0.241
adobe:air_sdk	adobe air sdk	le	19.0.0.241
adobe:air_sdk_\&_compiler	adobe air sdk \& compiler	le	19.0.0.241