Lucene search

[email protected]CVE-2015-8456

HistoryDec 10, 2015 - 6:00 a.m.

CVE-2015-8456

2015-12-1006:00:22

[email protected]

web.nvd.nist.gov

cve

2015

8456

adobe flash player

windows

os x

linux

adobe air

arbitrary code

type confusion

nvd

8.9 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.022 Low

EPSS

Percentile

89.4%

JSON

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code by leveraging an unspecified “type confusion,” a different vulnerability than CVE-2015-8439.

Affected configurations

NVD

Node

adobeflash_playerRange≤18.0.0.261

adobeflash_playerMatch19.0.0.185

adobeflash_playerMatch19.0.0.207

adobeflash_playerMatch19.0.0.226

adobeflash_playerMatch19.0.0.245

AND

applemac_os_x

microsoftwindows

Node

adobeflash_playerRange≤11.2.202.548

AND

linuxlinux_kernel

Node

adobeairRange≤19.0.0.241

AND

applemac_os_x

microsoftwindows

Node

adobeair_sdkRange≤19.0.0.241

adobeair_sdk_\&_compilerRange≤19.0.0.241

AND

appleiphone_os

applemac_os_x

googleandroid

microsoftwindows

CPENameOperatorVersion
adobe:flash_playeradobe flash playerle18.0.0.261
adobe:flash_playeradobe flash playereq19.0.0.185
adobe:flash_playeradobe flash playereq19.0.0.207
adobe:flash_playeradobe flash playereq19.0.0.226
adobe:flash_playeradobe flash playereq19.0.0.245

CPE	Name	Operator	Version
adobe:flash_player	adobe flash player	le	18.0.0.261
adobe:flash_player	adobe flash player	eq	19.0.0.185
adobe:flash_player	adobe flash player	eq	19.0.0.207
adobe:flash_player	adobe flash player	eq	19.0.0.226
adobe:flash_player	adobe flash player	eq	19.0.0.245