Lucene search

[email protected]CVE-2015-8658

HistoryMar 04, 2016 - 11:59 p.m.

CVE-2015-8658

2016-03-0423:59:07

CWE-787

[email protected]

web.nvd.nist.gov

cve-2015-8658

adobe flash player

adobe air

code execution

denial of service

memory corruption

vulnerability

security advisory

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.062 Low

EPSS

Percentile

93.6%

JSON

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8656, CVE-2015-8657, and CVE-2015-8820.

Affected configurations

NVD

Node

adobeflash_playerRange≤11.2.202.548

AND

linuxlinux_kernelMatch-

Node

adobeflash_player_desktop_runtimeRange≤19.0.0.245

AND

applemac_os_xMatch-

microsoftwindowsMatch-

Node

adobeflash_playerRange≤18.0.0.261esr

AND

applemac_os_xMatch-

microsoftwindowsMatch-

Node

microsoftwindows_10Match-

microsoftwindows_8Match-

microsoftwindows_8.1Match-

AND

adobeflash_playerRange≤19.0.0.245internet_explorer

Node

adobeflash_playerRange≤19.0.0.245chrome

AND

applemac_os_xMatch-

googlechrome_osMatch-

linuxlinux_kernelMatch-

microsoftwindowsMatch-

Node

microsoftwindows_10Match-

AND

adobeflash_playerRange≤19.0.0.245edge

Node

adobeair_desktop_runtimeRange≤19.0.0.241

AND

applemac_os_xMatch-

microsoftwindowsMatch-

Node

adobeair_sdkRange≤19.0.0.241

AND

appleiphone_osMatch-

applemac_os_xMatch-

googleandroidMatch-

microsoftwindowsMatch-

Node

adobeair_sdk_\&_compilerRange≤19.0.0.241

AND

appleiphone_osMatch-

applemac_os_xMatch-

googleandroidMatch-

microsoftwindowsMatch-

Node

adobeairRange≤19.0.0.241

AND

googleandroidMatch-

CPENameOperatorVersion
adobe:flash_playeradobe flash playerle11.2.202.548

CPE	Name	Operator	Version
adobe:flash_player	adobe flash player	le	11.2.202.548

References

www.securityfocus.com/bid/84160

www.zerodayinitiative.com/advisories/ZDI-15-662

helpx.adobe.com/security/products/flash-player/apsb15-32.html

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.062 Low

EPSS

Percentile

93.6%

JSON

Related for CVE-2015-8658

prion18 ubuntucve18 cvelist18 nvd18 cve17 zdi7 checkpoint_advisories7 exploitpack1 redhat1 openvas8 nessus16 altlinux2 exploitdb1 archlinux1 suse3 kaspersky2 mageia1 freebsd1 gentoo1