Memory corruption

2015-12-2823:59:00

PRIOn knowledge base

www.prio-n.com

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.026 Low

EPSS

Percentile

90.0%

JSON

Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8459, CVE-2015-8460, and CVE-2015-8636.

CPENameOperatorVersion
airle20.0.0.204
air_sdkle20.0.0.204
air_sdk_\\&_compilerle20.0.0.204
flash_playerle11.2.202.554
flash_playerle18.0.0.268
flash_playereq19.0.0.185
flash_playereq19.0.0.207
flash_playereq19.0.0.226
flash_playereq19.0.0.245
flash_playereq20.0.0.228

Name	Operator	Version
air	le	20.0.0.204
air_sdk	le	20.0.0.204
air_sdk_\\&_compiler	le	20.0.0.204
flash_player	le	11.2.202.554
flash_player	le	18.0.0.268
flash_player	eq	19.0.0.185
flash_player	eq	19.0.0.207
flash_player	eq	19.0.0.226
flash_player	eq	19.0.0.245
flash_player	eq	20.0.0.228