Lucene search

Tenable9040.PRM

HistoryJan 08, 2016 - 12:00 a.m.

Flash Player < 20.0.0.228 Multiple Vulnerabilities (APSB15-32)

2016-01-0800:00:00

Tenable

www.tenable.com

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.929 High

EPSS

Percentile

99.0%

JSON

Versions of Adobe Flash Player prior to 20.0.0.228 are outdated and thus unpatched for the following vulnerabilities :

Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-8438, CVE-2015-8446)
Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455)
Multiple security bypass vulnerabilities exist that allow an attacker to write arbitrary data to the file system under user permissions. (CVE-2015-8453, CVE-2015-8440, CVE-2015-8409)
A stack buffer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-8407, CVE-2015-8457)
A type confusion error exists that allows an attacker to execute arbitrary code. (CVE-2015-8439, CVE-2015-8456)
An integer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-8445)
A buffer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-8415)
Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454)
An out-of-bounds access flaw exists that is triggered when handling a specially crafted MP4 file. This may potentially allow a context-dependent attacker to execute arbitrary code. (CVE-2015-8652, CVE-2015-8654, CVE-2015-8655, CVE-2015-8656, CVE-2015-8657, CVE-2015-8820)
A use-after-free flaw exists that is triggered when handling a specially crafted MP4 file. This may allow a context-dependent attacker to dereference and already freed memory and potentially execute arbitrary code. (CVE-2015-8653, CVE-2015-8822, CVE-2015-8821)
A flaw exists that is triggered when handling a specially crafted MP4 file. This may allow a context-dependent attacker to dereference an uninitialized pointer and potentially execute arbitrary code.(CVE-2015-8658)

Binary data 9040.prm

VendorProductVersionCPE
adobeflash_playercpe:/a:adobe:flash_player

Vendor	Product	Version	CPE
adobe	flash_player		cpe:/a:adobe:flash_player

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8045

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8047

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8048

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8049

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8050

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8055

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8056

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8057

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8058

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8059

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8060

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8061

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8062

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8063

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8064

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8065

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8066

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8067

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8068

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8069

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8070

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8071

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8401

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8402

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8403

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8404

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8405

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8406

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8407

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8408

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8409

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8410

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8411

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8412

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8413

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8414

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8415

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8416

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8417

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8418

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8419

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8420

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8421

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8422

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8423

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8424

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8425

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8426

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8427

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8428

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8429

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8430

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8431

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8432

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8433

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8434

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8435

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8436

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8437

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8438

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8439

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8440

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8441

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8442

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8443

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8444

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8445

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8446

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8447

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8448

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8449

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8450

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8451

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8452

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8453

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8454

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8455

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8456

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8457

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8652

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8653

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8654

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8655

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8656

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8657

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8658

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8820

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8821

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8822

www.nessus.org/u?0cb17c10

www.nessus.org/u?80926ccd

helpx.adobe.com/security/products/flash-player/apsb15-32.html

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.929 High

EPSS

Percentile

99.0%

JSON

Related for 9040.PRM