Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0310

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2015-0310
Last Modified 13 Feb 2015 09:59:59
Published 23 Jan 2015 04:59:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-0310

Summary

Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015.

Vulnerable Systems

Application

  • Adobe Flash Player 11.2.202.429

  • Adobe Flash Player 13.0.0.260

  • Adobe Flash Player 14.0.0.125

  • Adobe Flash Player 14.0.0.145

  • Adobe Flash Player 14.0.0.176

  • Adobe Flash Player 14.0.0.179

  • Adobe Flash Player 15.0.0.152

  • Adobe Flash Player 15.0.0.167

  • Adobe Flash Player 15.0.0.189

  • Adobe Flash Player 15.0.0.223

  • Adobe Flash Player 15.0.0.239

  • Adobe Flash Player 15.0.0.246

  • Adobe Flash Player 16.0.0.235

  • Adobe Flash Player 16.0.0.257


References

CONFIRM - http://helpx.adobe.com/security/products/flash-player/apsb15-02.html

SECTRACK - 1031609

BID - 72261

SECUNIA - 62740

SECUNIA - 62660

SECUNIA - 62601

SECUNIA - 62452

GENTOO - GLSA-201502-02

Related Patches

APSB15-02 Adobe Flash Player 13.0.0.262 ESR for Mac OS X (See Notes)

APSB15-02 Adobe Flash Player 16.0.0.287 for Mac OS X (See Notes)


Last Updated: 27 May 2016 10:55:46