Adobe Flash Bad Write in XML When Callback Modifies XML Tree During Property Delete
2015-08-19T00:00:00
ID EDB-ID:37872 Type exploitdb Reporter Google Security Research Modified 2015-08-19T00:00:00
Description
Adobe Flash Bad Write in XML When Callback Modifies XML Tree During Property Delete. CVE-2015-5549. Dos exploits for multiple platform
Source: https://code.google.com/p/google-security-research/issues/detail?id=404&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id
Source file and compiled PoC attached.
Looking at https://github.com/adobe-flash/avmplus/blob/master/core/XMLListObject.cpp:
bool XMLListObject::delUintProperty(uint32_t index)
...
if (index >= _length()) [1]
{
return true;
}
...
px->childChanges(core->knodeRemoved, r->atom()); [2]
...
m_children.removeAt(index); [3]
In [1], the passed in index is validated. In [2], the callback can run actionscript, which might shrink the size of the current XMLList. In [3], the pre-validated index is used but it might now be invalid due to shrinking at [2]. Unfortunately, removeAt() does not behave well in the presence of an out-of-bounds index.
The PoC works by triggering a wild copy in order to demonstrate the crash. But other side-effects are possible such as decrementing the refcount of an out-of-bounds index.
Proof of Concept:
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/37872.zip
{"hash": "64d8f552caed9b4cfdce9e71a62dff41f726cbfae2d9603b273ddaef27577104", "id": "EDB-ID:37872", "lastseen": "2016-02-04T06:45:42", "enchantments": {"vulnersScore": 5.0}, "bulletinFamily": "exploit", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "edition": 1, "history": [], "type": "exploitdb", "sourceHref": "https://www.exploit-db.com/download/37872/", "description": "Adobe Flash Bad Write in XML When Callback Modifies XML Tree During Property Delete. CVE-2015-5549. Dos exploits for multiple platform", "title": "Adobe Flash Bad Write in XML When Callback Modifies XML Tree During Property Delete", "sourceData": "Source: https://code.google.com/p/google-security-research/issues/detail?id=404&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id\r\n\r\nSource file and compiled PoC attached.\r\n\r\nLooking at https://github.com/adobe-flash/avmplus/blob/master/core/XMLListObject.cpp:\r\n\r\nbool XMLListObject::delUintProperty(uint32_t index)\r\n...\r\nif (index >= _length()) [1]\r\n {\r\n return true;\r\n }\r\n...\r\n px->childChanges(core->knodeRemoved, r->atom()); [2]\r\n...\r\n m_children.removeAt(index); [3]\r\n\r\nIn [1], the passed in index is validated. In [2], the callback can run actionscript, which might shrink the size of the current XMLList. In [3], the pre-validated index is used but it might now be invalid due to shrinking at [2]. Unfortunately, removeAt() does not behave well in the presence of an out-of-bounds index.\r\n\r\nThe PoC works by triggering a wild copy in order to demonstrate the crash. But other side-effects are possible such as decrementing the refcount of an out-of-bounds index.\r\n\r\nProof of Concept:\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/37872.zip\r\n\r\n", "objectVersion": "1.0", "cvelist": ["CVE-2015-5549"], "published": "2015-08-19T00:00:00", "osvdbidlist": [], "references": [], "reporter": "Google Security Research", "modified": "2015-08-19T00:00:00", "href": "https://www.exploit-db.com/exploits/37872/"}
{"result": {"cve": [{"id": "CVE-2015-5549", "type": "cve", "title": "CVE-2015-5549", "description": "Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5552, and CVE-2015-5553.", "published": "2015-08-13T21:59:34", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5549", "cvelist": ["CVE-2015-5549"], "lastseen": "2018-01-05T11:51:46"}], "nessus": [{"id": "GENTOO_GLSA-201508-01.NASL", "type": "nessus", "title": "GLSA-201508-01 : Adobe Flash Player: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201508-01 (Adobe Flash Player: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Flash Player.\n Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions.\n Workaround :\n\n There is no known workaround at this time.", "published": "2015-09-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86089", "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5965", "CVE-2015-5563", "CVE-2015-5123", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-5122", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "lastseen": "2017-10-29T13:41:25"}, {"id": "SUSE_SU-2015-1373-1.NASL", "type": "nessus", "title": "SUSE SLED11 Security Update : flash-player (SUSE-SU-2015:1373-1)", "description": "This security update to 11.2.202.508 (bsc#941239) fixes the following issues :\n\n - APSB15-19: CVE-2015-3107, CVE-2015-5124, CVE-2015-5125, CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562, CVE-2015-5563\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-08-13T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=85377", "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "lastseen": "2017-10-29T13:43:50"}, {"id": "OPENSUSE-2015-545.NASL", "type": "nessus", "title": "openSUSE Security Update : flash-player (openSUSE-2015-545)", "description": "Security update to 11.2.202.508 (bsc#941239) :\n\n - APSB15-19: CVE-2015-3107, CVE-2015-5124, CVE-2015-5125, CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562, CVE-2015-5563", "published": "2015-08-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=85434", "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "lastseen": "2017-10-29T13:41:45"}, {"id": "OPENSUSE-2015-546.NASL", "type": "nessus", "title": "openSUSE Security Update : flash-player (openSUSE-2015-546)", "description": "- Security update to 11.2.202.508 (bsc#941239) :\n\n - APSB15-19: CVE-2015-3107, CVE-2015-5124, CVE-2015-5125, CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561, CVE-2015-5562, CVE-2015-5563", "published": "2015-08-17T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=85435", "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "lastseen": "2017-10-29T13:36:28"}, {"id": "MACOSX_ADOBE_AIR_APSB15-19.NASL", "type": "nessus", "title": "Adobe AIR for Mac <= 18.0.0.180 Multiple Vulnerabilities (APSB15-16)", "description": "According to its version, the installation of Adobe AIR on the remote Mac OS X host is equal or prior to 18.0.0.180. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5564, CVE-2015-5565, CVE-2015-5566) \n - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133) \n - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553)\n\n - An integer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-5560)", "published": "2015-08-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=85327", "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "lastseen": "2017-10-29T13:39:20"}, {"id": "MACOSX_GOOGLE_CHROME_44_0_2403_155.NASL", "type": "nessus", "title": "Google Chrome < 44.0.2403.155 Multiple Vulnerabilities (Mac OS X)", "description": "The version of Google Chrome installed on the remote Mac OS X host is prior to 44.0.2403.155. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5564, CVE-2015-5565, CVE-2015-5566)\n\n - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133)\n\n - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553)\n\n - An integer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-5560)", "published": "2015-08-20T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=85568", "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "lastseen": "2017-10-29T13:36:59"}, {"id": "GOOGLE_CHROME_44_0_2403_155.NASL", "type": "nessus", "title": "Google Chrome < 44.0.2403.155 Multiple Vulnerabilities", "description": "The version of Google Chrome installed on the remote Windows host is prior to 44.0.2403.155. It is, therefore, affected by multiple vulnerabilities :\n\n - Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5564, CVE-2015-5565, CVE-2015-5566)\n\n - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133)\n\n - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553)\n\n - An integer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-5560)", "published": "2015-08-20T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=85567", "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "lastseen": "2017-10-29T13:35:21"}, {"id": "SMB_KB3087916.NASL", "type": "nessus", "title": "MS KB3087916: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer", "description": "The remote Windows host is missing KB3087916. It is, therefore, affected by multiple remote code execution vulnerabilities :\n\n - Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5564, CVE-2015-5565, CVE-2015-5566) \n - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133) \n - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553)\n\n - An integer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-5560)", "published": "2015-08-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=85329", "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "lastseen": "2017-10-29T13:39:57"}, {"id": "FLASH_PLAYER_APSB15-19.NASL", "type": "nessus", "title": "Adobe Flash Player <= 18.0.0.209 Multiple Vulnerabilities (APSB15-19)", "description": "The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 18.0.0.209. It is, therefore, affected by the following vulnerabilities :\n\n - Multiple type confusion errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562)\n\n - An unspecified vulnerability exists related to vector length corruptions. (CVE-2015-5125)\n\n - Multiple user-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5564, CVE-2015-5565, CVE-2015-5566) \n - Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code.\n (CVE-2015-5129, CVE-2015-5541)\n\n - Multiple buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133) \n - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553)\n\n - An integer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-5560)", "published": "2015-08-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=85326", "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "lastseen": "2017-10-29T13:42:22"}, {"id": "FREEBSD_PKG_F3778328D2884B3986A465877331EAF7.NASL", "type": "nessus", "title": "FreeBSD : Adobe Flash Player -- critical vulnerabilities (f3778328-d288-4b39-86a4-65877331eaf7)", "description": "Adobe reports :\n\nAdobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.\n\nThese updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2015-5128, CVE-2015-5554, CVE-2015-5555, CVE-2015-5558, CVE-2015-5562).\n\nThese updates include further hardening to a mitigation introduced in version 18.0.0.209 to defend against vector length corruptions (CVE-2015-5125).\n\nThese updates resolve use-after-free vulnerabilities that could lead to code execution (CVE-2015-5550, CVE-2015-5551, CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559, CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5124, CVE-2015-5564).\n\nThese updates resolve heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-5129, CVE-2015-5541).\n\nThese updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2015-5131, CVE-2015-5132, CVE-2015-5133).\n\nThese updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, CVE-2015-5553).\n\nThese updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-5560).", "published": "2015-08-13T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=85370", "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "lastseen": "2017-10-29T13:34:15"}], "openvas": [{"id": "OPENVAS:1361412562310851073", "type": "openvas", "title": "SuSE Update for flash-player SUSE-SU-2015:1374-1 (flash-player)", "description": "Check the version of flash-player", "published": "2015-10-16T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851073", "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "lastseen": "2017-12-12T11:15:32"}, {"id": "OPENVAS:1361412562310805954", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities -01 Aug15 (Windows)", "description": "This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.", "published": "2015-08-18T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805954", "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "lastseen": "2017-12-20T13:24:41"}, {"id": "OPENVAS:1361412562310121404", "type": "openvas", "title": "Gentoo Linux Local Check: https://security.gentoo.org/glsa/201508-01", "description": "Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201508-01", "published": "2015-09-29T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121404", "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5965", "CVE-2015-5563", "CVE-2015-5123", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-5122", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "lastseen": "2018-04-09T11:26:19"}, {"id": "OPENVAS:1361412562310805956", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities -01 Aug15 (Linux)", "description": "This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.", "published": "2015-08-18T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805956", "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "lastseen": "2017-07-14T10:51:47"}, {"id": "OPENVAS:1361412562310130068", "type": "openvas", "title": "Mageia Linux Local Check: mgasa-2015-0311", "description": "Mageia Linux Local Security Checks mgasa-2015-0311", "published": "2015-10-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310130068", "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "lastseen": "2017-07-24T12:53:48"}, {"id": "OPENVAS:1361412562310805957", "type": "openvas", "title": "Adobe Air Multiple Vulnerabilities-01 Aug15 (Windows)", "description": "This host is installed with Adobe Air and\n is prone to multiple vulnerabilities.", "published": "2015-08-18T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805957", "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "lastseen": "2017-12-20T13:23:55"}, {"id": "OPENVAS:1361412562310805958", "type": "openvas", "title": "Adobe Air Multiple Vulnerabilities-01 Aug15 (Mac OS X)", "description": "This host is installed with Adobe Air and\n is prone to multiple vulnerabilities.", "published": "2015-08-18T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805958", "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "lastseen": "2017-07-17T10:52:36"}, {"id": "OPENVAS:1361412562310805955", "type": "openvas", "title": "Adobe Flash Player Multiple Vulnerabilities -01 Aug15 (Mac OS X)", "description": "This host is installed with Adobe Flash\n Player and is prone to multiple vulnerabilities.", "published": "2015-08-18T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310805955", "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "lastseen": "2017-07-02T21:12:15"}], "gentoo": [{"id": "GLSA-201508-01", "type": "gentoo", "title": "Adobe Flash Player: Multiple vulnerabilities", "description": "### Background\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. \n\n### Description\n\nMultiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Adobe Flash Player users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=www-plugins/adobe-flash-11.2.202.508\"", "published": "2015-08-15T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201508-01", "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5965", "CVE-2015-5563", "CVE-2015-5123", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-5122", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "lastseen": "2016-09-06T19:46:24"}], "freebsd": [{"id": "F3778328-D288-4B39-86A4-65877331EAF7", "type": "freebsd", "title": "Adobe Flash Player -- critical vulnerabilities", "description": "\nAdobe reports:\n\nAdobe has released security updates for Adobe Flash Player.\n\t These updates address critical vulnerabilities that could\n\t potentially allow an attacker to take control of the affected\n\t system.\nThese updates resolve type confusion vulnerabilities that could\n\t lead to code execution (CVE-2015-5128, CVE-2015-5554,\n\t CVE-2015-5555, CVE-2015-5558, CVE-2015-5562).\nThese updates include further hardening to a mitigation\n\t introduced in version 18.0.0.209 to defend against vector\n\t length corruptions (CVE-2015-5125).\nThese updates resolve use-after-free vulnerabilities that could\n\t lead to code execution (CVE-2015-5550, CVE-2015-5551,\n\t CVE-2015-3107, CVE-2015-5556, CVE-2015-5130, CVE-2015-5134,\n\t CVE-2015-5539, CVE-2015-5540, CVE-2015-5557, CVE-2015-5559,\n\t CVE-2015-5127, CVE-2015-5563, CVE-2015-5561, CVE-2015-5124,\n\t CVE-2015-5564).\nThese updates resolve heap buffer overflow vulnerabilities\n\t that could lead to code execution (CVE-2015-5129,\n\t CVE-2015-5541).\nThese updates resolve buffer overflow vulnerabilities that\n\t could lead to code execution (CVE-2015-5131, CVE-2015-5132,\n\t CVE-2015-5133).\nThese updates resolve memory corruption vulnerabilities that\n\t could lead to code execution (CVE-2015-5544, CVE-2015-5545,\n\t CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549,\n\t CVE-2015-5552, CVE-2015-5553).\nThese updates resolve an integer overflow vulnerability that\n\t could lead to code execution (CVE-2015-5560).\n\n", "published": "2015-08-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/f3778328-d288-4b39-86a4-65877331eaf7.html", "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "lastseen": "2016-09-26T17:24:16"}], "suse": [{"id": "OPENSUSE-SU-2015:1391-1", "type": "suse", "title": "Security update for flash-player (critical)", "description": "- Security update to 11.2.202.508 (bsc#941239):\n * APSB15-19: CVE-2015-3107, CVE-2015-5124, CVE-2015-5125, CVE-2015-5127,\n CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131,\n CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539,\n CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545,\n CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549,\n CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553,\n CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557,\n CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561,\n CVE-2015-5562, CVE-2015-5563\n\n", "published": "2015-08-14T19:10:30", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00016.html", "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "lastseen": "2016-09-04T11:37:36"}, {"id": "SUSE-SU-2015:1374-1", "type": "suse", "title": "Security update for flash-player (critical)", "description": "This security update to 11.2.202.508 (bsc#941239) fixes the following\n issues:\n\n * APSB15-19: CVE-2015-3107, CVE-2015-5124, CVE-2015-5125, CVE-2015-5127,\n CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131,\n CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539,\n CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545,\n CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549,\n CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553,\n CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557,\n CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561,\n CVE-2015-5562, CVE-2015-5563\n\n", "published": "2015-08-12T16:09:53", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00005.html", "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "lastseen": "2016-09-04T12:47:50"}, {"id": "OPENSUSE-SU-2015:1388-1", "type": "suse", "title": "Security update for flash-player (critical)", "description": "Security update to 11.2.202.508 (bsc#941239):\n * APSB15-19: CVE-2015-3107, CVE-2015-5124, CVE-2015-5125, CVE-2015-5127,\n CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131,\n CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539,\n CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545,\n CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549,\n CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553,\n CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557,\n CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561,\n CVE-2015-5562, CVE-2015-5563\n\n", "published": "2015-08-14T19:09:22", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00013.html", "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "lastseen": "2016-09-04T11:18:18"}, {"id": "SUSE-SU-2015:1373-1", "type": "suse", "title": "Security update for flash-player (critical)", "description": "This security update to 11.2.202.508 (bsc#941239) fixes the following\n issues:\n\n * APSB15-19: CVE-2015-3107, CVE-2015-5124, CVE-2015-5125, CVE-2015-5127,\n CVE-2015-5128, CVE-2015-5129, CVE-2015-5130, CVE-2015-5131,\n CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539,\n CVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545,\n CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549,\n CVE-2015-5550, CVE-2015-5551, CVE-2015-5552, CVE-2015-5553,\n CVE-2015-5554, CVE-2015-5555, CVE-2015-5556, CVE-2015-5557,\n CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561,\n CVE-2015-5562, CVE-2015-5563\n\n", "published": "2015-08-12T16:09:33", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00004.html", "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "lastseen": "2016-09-04T11:23:40"}, {"id": "OPENSUSE-SU-2015:1781-1", "type": "suse", "title": "Security update for flash-player (critical)", "description": "This security issue was fixed:\n - CVE-2015-7645: Critical vulnerability affecting 11.2.202.535 used in\n Pawn Storm (APSA15-05) (bsc#950474).\n\n", "published": "2015-10-19T19:09:31", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html", "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-6677", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-6676", "CVE-2015-5588", "CVE-2015-5563", "CVE-2015-5584", "CVE-2015-7634", "CVE-2015-7625", "CVE-2015-5133", "CVE-2015-5575", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5569", "CVE-2015-7627", "CVE-2015-5573", "CVE-2015-7633", "CVE-2015-7630", "CVE-2015-5587", "CVE-2015-7629", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5580", "CVE-2015-5544", "CVE-2015-6682", "CVE-2015-5568", "CVE-2015-7626", "CVE-2015-6678", "CVE-2015-5572", "CVE-2015-3107", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5571", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5576", "CVE-2015-7643", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-7628", "CVE-2015-5577", "CVE-2015-5581", "CVE-2015-6679", "CVE-2015-5567", "CVE-2015-5574", "CVE-2015-5550", "CVE-2015-7645", "CVE-2015-5578", "CVE-2015-7632", "CVE-2015-5582", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-7631", "CVE-2015-5559", "CVE-2015-7644", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5579", "CVE-2015-5546", "CVE-2015-5570", "CVE-2015-5125"], "lastseen": "2016-09-04T12:37:53"}], "kaspersky": [{"id": "KLA10650", "type": "kaspersky", "title": "\r KLA10650Multiple vulnerabilities in Adobe products\t\t\t ", "description": "### *CVSS*:\n10.0\n\n### *Detect date*:\n08/11/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Adobe products. Malicious users can exploit these vulnerabilities to cause denial of service or execute arbitrary code.\n\n### *Affected products*:\nAdobe Flash Player for Windows and OS X versions earlier than 18.0.0.232 \nAdobe Flash Player ESR versions earlier than 18.0.0.232 \nAdobe Flash Player for Linux versions earlier than 11.2.202.508 \nAdobe flash player at Google Chrome for Linux and Chrome OS versions earlier than 18.0.0.233 \nAdobe AIR versions earlier than 18.0.0.199 \n \n\n\n### *Solution*:\nUpdate to the latest version \n[Get Flash Player](<https://get.adobe.com/flashplayer/>) \n[Get AIR](<https://get.adobe.com/air/>)\n\n### *Original advisories*:\n[Adobe Security bulletin](<https://helpx.adobe.com/security/products/flash-player/apsb15-19.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Adobe Flash Player PPAPI](<https://threats.kaspersky.com/en/product/Adobe-Flash-Player-PPAPI/>)\n\n### *CVE-IDS*:\n[CVE-2015-5566](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5566>) \n[CVE-2015-5133](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5133>) \n[CVE-2015-5132](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5132>) \n[CVE-2015-5131](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5131>) \n[CVE-2015-5130](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5130>) \n[CVE-2015-5129](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5129>) \n[CVE-2015-5127](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5127>) \n[CVE-2015-5125](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5125>) \n[CVE-2015-5134](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5134>) \n[CVE-2015-5539](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5539>) \n[CVE-2015-5540](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5540>) \n[CVE-2015-5541](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5541>) \n[CVE-2015-5544](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5544>) \n[CVE-2015-5545](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5545>) \n[CVE-2015-5546](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5546>) \n[CVE-2015-5547](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5547>) \n[CVE-2015-5548](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5548>) \n[CVE-2015-5549](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5549>) \n[CVE-2015-5550](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5550>) \n[CVE-2015-5551](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5551>) \n[CVE-2015-5552](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5552>) \n[CVE-2015-5553](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5553>) \n[CVE-2015-5554](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5554>) \n[CVE-2015-5555](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5555>) \n[CVE-2015-5556](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5556>) \n[CVE-2015-5557](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5557>) \n[CVE-2015-5558](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5558>) \n[CVE-2015-5559](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5559>) \n[CVE-2015-5560](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5560>) \n[CVE-2015-5561](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5561>) \n[CVE-2015-5562](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5562>) \n[CVE-2015-5563](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5563>) \n[CVE-2015-5564](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5564>) \n[CVE-2015-5565](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5565>) \n[CVE-2015-5124](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5124>)", "published": "2015-08-11T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA10650", "cvelist": ["CVE-2015-5127", "CVE-2015-5553", "CVE-2015-5124", "CVE-2015-5539", "CVE-2015-5556", "CVE-2015-5130", "CVE-2015-5563", "CVE-2015-5565", "CVE-2015-5133", "CVE-2015-5557", "CVE-2015-5134", "CVE-2015-5561", "CVE-2015-5541", "CVE-2015-5551", "CVE-2015-5540", "CVE-2015-5564", "CVE-2015-5555", "CVE-2015-5554", "CVE-2015-5549", "CVE-2015-5544", "CVE-2015-5131", "CVE-2015-5562", "CVE-2015-5558", "CVE-2015-5547", "CVE-2015-5552", "CVE-2015-5545", "CVE-2015-5560", "CVE-2015-5566", "CVE-2015-5550", "CVE-2015-5132", "CVE-2015-5548", "CVE-2015-5559", "CVE-2015-5129", "CVE-2015-5546", "CVE-2015-5125"], "lastseen": "2018-03-30T14:11:41"}], "redhat": [{"id": "RHSA-2015:1603", "type": "redhat", "title": "(RHSA-2015:1603) Critical: flash-plugin security update", "description": "The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash\nPlayer web browser plug-in.\n\nThis update fixes multiple vulnerabilities in Adobe Flash Player. These\nvulnerabilities are detailed in the Adobe Security Bulletin APSB15-19\nlisted in the References section.\n\nMultiple flaws were found in the way flash-plugin displayed certain SWF\ncontent. An attacker could use these flaws to create a specially crafted\nSWF file that would cause flash-plugin to crash or, potentially, execute\narbitrary code when the victim loaded a page containing the malicious SWF\ncontent. (CVE-2015-5127, CVE-2015-5128, CVE-2015-5129, CVE-2015-5130,\nCVE-2015-5131, CVE-2015-5132, CVE-2015-5133, CVE-2015-5134, CVE-2015-5539,\nCVE-2015-5540, CVE-2015-5541, CVE-2015-5544, CVE-2015-5545, CVE-2015-5546,\nCVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5550, CVE-2015-5551,\nCVE-2015-5552, CVE-2015-5553, CVE-2015-5554, CVE-2015-5555, CVE-2015-5556,\nCVE-2015-5557, CVE-2015-5558, CVE-2015-5559, CVE-2015-5560, CVE-2015-5561,\nCVE-2015-5562, CVE-2015-5563, CVE-2015-5564)\n\nAll users of Adobe Flash Player should install this updated package, which\nupgrades Flash Player to version 11.2.202.508.\n", "published": "2015-08-12T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2015:1603", "cvelist": ["CVE-2015-5127", "CVE-2015-5128", "CVE-2015-5129", "CVE-2015-5130", "CVE-2015-5131", "CVE-2015-5132", "CVE-2015-5133", "CVE-2015-5134", "CVE-2015-5539", "CVE-2015-5540", "CVE-2015-5541", "CVE-2015-5544", "CVE-2015-5545", "CVE-2015-5546", "CVE-2015-5547", "CVE-2015-5548", "CVE-2015-5549", "CVE-2015-5550", "CVE-2015-5551", "CVE-2015-5552", "CVE-2015-5553", "CVE-2015-5554", "CVE-2015-5555", "CVE-2015-5556", "CVE-2015-5557", "CVE-2015-5558", "CVE-2015-5559", "CVE-2015-5560", "CVE-2015-5561", "CVE-2015-5562", "CVE-2015-5563", "CVE-2015-5564", "CVE-2015-5565", "CVE-2015-5566"], "lastseen": "2017-09-09T07:20:38"}]}}
