Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA10574
HistoryMay 12, 2015 - 12:00 a.m.

KLA10574 Multiple vulnerabilities in Adobe Flash Player

2015-05-1200:00:00
Kaspersky Lab
threats.kaspersky.com
42

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.1 Low

EPSS

Percentile

94.8%

JSON

Detect date:

05/12/2015

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in Adobe products. Malicious users can exploit these vulnerabilities to write local files, bypass security restrictions, execute arbitrary code or obtain sensitive information.

Affected products:

Adobe Flash Player versions earlier than 17.0.0.188 for OS X and Windows
Adobe Flash Player ESR versions earlier than 13.0.0.289
Adobe Flash Player versions earlier than 11.2.202.460 for Linux
Adobe AIR runtime, SDK and Compiler versions earlier than 17.0.0.172

Solution:

Update to the latest version
Get Flash Player
Get AIR

Original advisories:

Adobe bulletin

Impacts:

ACE

Related products:

Adobe Flash Player ActiveX

CVE-IDS:

CVE-2015-30445.0Critical
CVE-2015-30915.0Critical
CVE-2015-30795.0Critical
CVE-2015-30814.3Warning
CVE-2015-30925.0Critical
CVE-2015-30856.4High
CVE-2015-30836.4High
CVE-2015-30826.4High

Exploitation:

Public exploits exist for this vulnerability.

References

Related

kaspersky 1
cve 8
prion 8
ubuntucve 8
securityvulns 1
suse 7
nessus 28
freebsd 2
checkpoint_advisories 7
altlinux 4
mageia 2
openvas 15
gentoo 2
hackerone 2
redhat 2
zdi 1
zdt 3
archlinux 1
kaspersky
kaspersky
KLA10576 Flash Player update for Google Chrome
2015-05-12 00:00:00
cve
cve
CVE-2015-3082
2015-05-13 11:00:00
CVE-2015-3085
2015-05-13 11:00:00
CVE-2015-3083
2015-05-13 11:00:00
prion
prion
Design/Logic Flaw
2015-05-13 11:00:00
Design/Logic Flaw
2015-05-13 11:00:00
Design/Logic Flaw
2015-05-13 11:00:00
ubuntucve
ubuntucve
CVE-2015-3083
2015-05-13 00:00:00
CVE-2015-3085
2015-05-13 00:00:00
CVE-2015-3082
2015-05-13 00:00:00
securityvulns
securityvulns
Adobe Flash Player multiple security vulnerabilities
2015-05-13 00:00:00
suse
suse
Security update for flash-player (important)
2015-05-16 00:05:04
Security update for flash-player (important)
2015-05-14 20:04:55
Security update for flash-player (important)
2015-05-19 17:04:53
nessus
nessus
MS KB3061904: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
2015-05-12 00:00:00
FreeBSD : Adobe Flash Player -- critical vulnerabilities (e206df57-f97b-11e4-b799-c485083ca99c)
2015-05-14 00:00:00
Flash Player < 13.0.0.289 / 17.0.0.188 Multiple Vulnerabilities (APSB15-09)
2015-07-10 00:00:00
freebsd
freebsd
Adobe Flash Player -- critical vulnerabilities
2015-05-12 00:00:00
Adobe Flash Player -- critical vulnerabilities
2015-04-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Flash Player Validation Bypass (APSB15-09: CVE-2015-3085; CVE-2015-3082)
2015-06-02 00:00:00
Adobe Flash Player Memory Leak (APSB15-09: CVE-2015-3091)
2015-06-09 00:00:00
Adobe Flash Player Validation Bypass (APSB15-09: CVE-2015-3083)
2015-06-02 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package adobe-flash-player version 3:11-alt44
2015-05-15 00:00:00
Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt44
2015-05-15 00:00:00
Security fix for the ALT Linux 6 package adobe-flash-player version 3:11-alt43
2015-04-15 00:00:00
mageia
mageia
Updated flash-player-plugin packages fix security vulnerabilities
2015-05-12 22:37:48
Updated flash-player-plugin packages fix security vulnerabilities
2015-04-15 12:01:28
openvas
openvas
SUSE: Security Advisory for flash-player (SUSE-SU-2015:0878-1)
2015-10-16 00:00:00
Mageia: Security Advisory (MGASA-2015-0218)
2022-01-28 00:00:00
Gentoo Security Advisory GLSA 201505-02
2015-09-29 00:00:00
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2015-05-31 00:00:00
Adobe Flash Player: Multiple vulnerabilities
2015-04-17 00:00:00
hackerone
hackerone
Internet Bug Bounty: Internet-based attacker can run Flash apps in local sandboxes by using special URL schemes (PSIRT-3299, CVE-2015-3079)
2015-06-30 14:33:56
Internet Bug Bounty: Flash Player information disclosure (etc.) CVE-2015-3044, PSIRT-3298
2015-05-21 19:39:15
redhat
redhat
(RHSA-2015:1005) Critical: flash-plugin security update
2015-05-13 00:00:00
(RHSA-2015:0813) Critical: flash-plugin security update
2015-04-15 00:00:00
zdi
zdi
(Pwn2Own) Adobe Flash Player BrokerCreateFile Broker Method Path Traversal Sandbox Escape Vulnerability
2015-05-12 00:00:00
zdt
zdt
Flash Broker-Based Sandbox Escape via Unexpected Directory Lock Exploit
2015-08-19 00:00:00
Flash Broker-Based Sandbox Escape via Forward Slash Instead of Backslash Exploit
2015-08-19 00:00:00
Flash Broker-Based Sandbox Escape via Timing Attack Against File Moving Exploit
2015-08-19 00:00:00
archlinux
archlinux
flashplugin: multiple issues
2015-04-17 00:00:00

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.1 Low

EPSS

Percentile

94.8%

JSON
Related for KLA10574
kaspersky1cve8prion8ubuntucve8securityvulns1suse7nessus28freebsd2checkpoint_advisories7altlinux4mageia2openvas15gentoo2hackerone2redhat2zdi1zdt3archlinux1