ID CVE-2015-0312
Summary Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary code via unspecified vectors.
References
Vulnerable Configurations
  • Adobe Flash Player 11.0
    cpe:2.3:a:adobe:flash_player:11.0
  • Adobe Flash Player 11.0.1.152
    cpe:2.3:a:adobe:flash_player:11.0.1.152
  • Adobe Flash Player 11.0.1.152 x64 (64-bit)
    cpe:2.3:a:adobe:flash_player:11.0.1.152:-:-:-:-:-:x64
  • Adobe Flash Player 11.0.1.153
    cpe:2.3:a:adobe:flash_player:11.0.1.153
  • Adobe Flash Player 11.1
    cpe:2.3:a:adobe:flash_player:11.1
  • Adobe Flash Player 11.1.102.55
    cpe:2.3:a:adobe:flash_player:11.1.102.55
  • Adobe Flash Player 11.1.102.55 (x64) 64-bit
    cpe:2.3:a:adobe:flash_player:11.1.102.55:-:-:-:-:-:x64
  • Adobe Flash Player 11.1.102.59
    cpe:2.3:a:adobe:flash_player:11.1.102.59
  • Adobe Flash Player 11.1.102.62
    cpe:2.3:a:adobe:flash_player:11.1.102.62
  • Adobe Flash Player 11.1.102.63
    cpe:2.3:a:adobe:flash_player:11.1.102.63
  • Adobe Flash Player 11.1.111.44
    cpe:2.3:a:adobe:flash_player:11.1.111.44
  • Adobe Flash Player 11.1.111.50
    cpe:2.3:a:adobe:flash_player:11.1.111.50
  • Adobe Flash Player 11.1.111.54
    cpe:2.3:a:adobe:flash_player:11.1.111.54
  • Adobe Flash Player 11.1.111.64
    cpe:2.3:a:adobe:flash_player:11.1.111.64
  • Adobe Flash Player 11.1.111.73
    cpe:2.3:a:adobe:flash_player:11.1.111.73
  • Adobe Flash Player 11.1.111.8
    cpe:2.3:a:adobe:flash_player:11.1.111.8
  • Adobe Flash Player 11.1.115.34
    cpe:2.3:a:adobe:flash_player:11.1.115.34
  • Adobe Flash Player 11.1.115.48
    cpe:2.3:a:adobe:flash_player:11.1.115.48
  • Adobe Flash Player 11.1.115.54
    cpe:2.3:a:adobe:flash_player:11.1.115.54
  • Adobe Flash Player 11.1.115.58
    cpe:2.3:a:adobe:flash_player:11.1.115.58
  • Adobe Flash Player 11.1.115.59
    cpe:2.3:a:adobe:flash_player:11.1.115.59
  • Adobe Flash Player 11.1.115.63
    cpe:2.3:a:adobe:flash_player:11.1.115.63
  • Adobe Flash Player 11.1.115.69
    cpe:2.3:a:adobe:flash_player:11.1.115.69
  • Adobe Flash Player 11.1.115.7
    cpe:2.3:a:adobe:flash_player:11.1.115.7
  • Adobe Flash Player 11.1.115.81
    cpe:2.3:a:adobe:flash_player:11.1.115.81
  • Adobe Flash Player 11.2.202.223
    cpe:2.3:a:adobe:flash_player:11.2.202.223
  • Adobe Flash Player 11.2.202.228
    cpe:2.3:a:adobe:flash_player:11.2.202.228
  • Adobe Flash Player 11.2.202.233
    cpe:2.3:a:adobe:flash_player:11.2.202.233
  • Adobe Flash Player 11.2.202.235
    cpe:2.3:a:adobe:flash_player:11.2.202.235
  • Adobe Flash Player 11.2.202.236
    cpe:2.3:a:adobe:flash_player:11.2.202.236
  • Adobe Flash Player 11.2.202.238
    cpe:2.3:a:adobe:flash_player:11.2.202.238
  • Adobe Flash Player 11.2.202.243
    cpe:2.3:a:adobe:flash_player:11.2.202.243
  • Adobe Flash Player 11.2.202.251
    cpe:2.3:a:adobe:flash_player:11.2.202.251
  • Adobe Flash Player 11.2.202.258
    cpe:2.3:a:adobe:flash_player:11.2.202.258
  • Adobe Flash Player 11.2.202.261
    cpe:2.3:a:adobe:flash_player:11.2.202.261
  • Adobe Flash Player 11.2.202.262
    cpe:2.3:a:adobe:flash_player:11.2.202.262
  • Adobe Flash Player 11.2.202.270
    cpe:2.3:a:adobe:flash_player:11.2.202.270
  • Adobe Flash Player 11.2.202.273
    cpe:2.3:a:adobe:flash_player:11.2.202.273
  • Adobe Flash Player 11.2.202.275
    cpe:2.3:a:adobe:flash_player:11.2.202.275
  • Adobe Flash Player 11.2.202.280
    cpe:2.3:a:adobe:flash_player:11.2.202.280
  • Adobe Flash Player 11.2.202.285
    cpe:2.3:a:adobe:flash_player:11.2.202.285
  • Adobe Flash Player 11.2.202.291
    cpe:2.3:a:adobe:flash_player:11.2.202.291
  • Adobe Flash Player 11.2.202.297
    cpe:2.3:a:adobe:flash_player:11.2.202.297
  • Adobe Flash Player 11.2.202.310
    cpe:2.3:a:adobe:flash_player:11.2.202.310
  • Adobe Flash Player 11.2.202.327
    cpe:2.3:a:adobe:flash_player:11.2.202.327
  • Adobe Flash Player 11.2.202.332
    cpe:2.3:a:adobe:flash_player:11.2.202.332
  • Adobe Flash Player 11.2.202.335
    cpe:2.3:a:adobe:flash_player:11.2.202.335
  • Adobe Flash Player 11.2.202.336
    cpe:2.3:a:adobe:flash_player:11.2.202.336
  • Adobe Flash Player 11.2.202.341
    cpe:2.3:a:adobe:flash_player:11.2.202.341
  • Adobe Flash Player 11.2.202.346
    cpe:2.3:a:adobe:flash_player:11.2.202.346
  • Adobe Flash Player 11.2.202.350
    cpe:2.3:a:adobe:flash_player:11.2.202.350
  • Adobe Flash Player 11.2.202.356
    cpe:2.3:a:adobe:flash_player:11.2.202.356
  • Adobe Flash Player 11.2.202.359
    cpe:2.3:a:adobe:flash_player:11.2.202.359
  • Adobe Flash Player 11.2.202.378
    cpe:2.3:a:adobe:flash_player:11.2.202.378
  • Adobe Flash Player 11.2.202.394
    cpe:2.3:a:adobe:flash_player:11.2.202.394
  • Adobe Flash Player 11.2.202.429
    cpe:2.3:a:adobe:flash_player:11.2.202.429
  • Adobe Flash Player 11.2.202.438
    cpe:2.3:a:adobe:flash_player:11.2.202.438
  • Linux Kernel
    cpe:2.3:o:linux:linux_kernel
  • Adobe Flash Player 16.0.0.287
    cpe:2.3:a:adobe:flash_player:16.0.0.287
  • Adobe Flash Player 16.0.0.257
    cpe:2.3:a:adobe:flash_player:16.0.0.257
  • Adobe Flash Player 16.0.0.235
    cpe:2.3:a:adobe:flash_player:16.0.0.235
  • Adobe Flash Player 16.0.0.234
    cpe:2.3:a:adobe:flash_player:16.0.0.234
  • cpe:2.3:a:adobe:flash_player:15.0.0.144
    cpe:2.3:a:adobe:flash_player:15.0.0.144
  • Adobe Flash Player 15.0.0.152
    cpe:2.3:a:adobe:flash_player:15.0.0.152
  • Adobe Flash Player 15.0.0.167
    cpe:2.3:a:adobe:flash_player:15.0.0.167
  • Adobe Flash Player 15.0.0.189
    cpe:2.3:a:adobe:flash_player:15.0.0.189
  • Adobe Flash Player 15.0.0.223
    cpe:2.3:a:adobe:flash_player:15.0.0.223
  • cpe:2.3:a:adobe:flash_player:15.0.0.238
    cpe:2.3:a:adobe:flash_player:15.0.0.238
  • Adobe Flash Player 15.0.0.239
    cpe:2.3:a:adobe:flash_player:15.0.0.239
  • Adobe Flash Player 15.0.0.246
    cpe:2.3:a:adobe:flash_player:15.0.0.246
  • Adobe Flash Player 14.0.0.179
    cpe:2.3:a:adobe:flash_player:14.0.0.179
  • Adobe Flash Player 14.0.0.176
    cpe:2.3:a:adobe:flash_player:14.0.0.176
  • Adobe Flash Player 14.0.0.125
    cpe:2.3:a:adobe:flash_player:14.0.0.125
  • Adobe Flash Player 14.0.0.145
    cpe:2.3:a:adobe:flash_player:14.0.0.145
  • Adobe Flash Player 13.0.0.182
    cpe:2.3:a:adobe:flash_player:13.0.0.182
  • Adobe Flash Player 13.0.0.201
    cpe:2.3:a:adobe:flash_player:13.0.0.201
  • Adobe Flash Player 13.0.0.206
    cpe:2.3:a:adobe:flash_player:13.0.0.206
  • Adobe Flash Player 13.0.0.214
    cpe:2.3:a:adobe:flash_player:13.0.0.214
  • Adobe Flash Player 13.0.0.223
    cpe:2.3:a:adobe:flash_player:13.0.0.223
  • Adobe Flash Player 13.0.0.231
    cpe:2.3:a:adobe:flash_player:13.0.0.231
  • Adobe Flash Player 13.0.0.260
    cpe:2.3:a:adobe:flash_player:13.0.0.260
  • Adobe Flash Player 13.0.0.262
    cpe:2.3:a:adobe:flash_player:13.0.0.262
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
  • Apple Mac OS X
    cpe:2.3:o:apple:mac_os_x
CVSS
Base: 10.0 (as of 29-01-2015 - 12:36)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FLASH_PLAYER_16_0_0_296.NASL
    description According to its version, the Adobe Flash Player installed on the remote Mac OS X host is equal or prior to 16.0.0.287. It is, therefore, affected by the following vulnerabilities : - A use-after-free error exists that allows an attacker to crash the application or execute arbitrary code. (CVE-2015-0311) - A double-free error exists that allows an attacker to crash the application or possibly execute arbitrary code. (CVE-2015-0312)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 80999
    published 2015-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80999
    title Flash Player For Mac <= 16.0.0.287 Unspecified Code Execution (APSA15-01)
  • NASL family Windows
    NASL id GOOGLE_CHROME_40_0_2214_93.NASL
    description The version of Google Chrome installed on the remote Windows host is prior to 40.0.2214.93. It is, therefore, affected by the following vulnerabilities : - A use-after-free error exists that allows an attacker to crash the application or execute arbitrary code. (CVE-2015-0311) - A double-free error exists that allows an attacker to crash the application or possibly execute arbitrary code. (CVE-2015-0312)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 81020
    published 2015-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81020
    title Google Chrome < 40.0.2214.93 Flash Player Multiple Remote Code Execution
  • NASL family Windows
    NASL id FLASH_PLAYER_APSA15-01.NASL
    description According to its version, the Adobe Flash Player installed on the remote Windows host is equal or prior to 16.0.0.287. It is, therefore, affected by the following vulnerabilities : - A use-after-free error exists that allows an attacker to crash the application or execute arbitrary code. (CVE-2015-0311) - A double-free error exists that allows an attacker to crash the application or possibly execute arbitrary code. (CVE-2015-0312)
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 80998
    published 2015-01-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80998
    title Flash Player <= 16.0.0.287 Unspecified Code Execution (APSA15-01 / APSB15-03)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0094.NASL
    description An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-02, and APSB15-03, listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2015-0310, CVE-2015-0311, CVE-2015-0312) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.440.
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 81036
    published 2015-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81036
    title RHEL 5 / 6 : flash-plugin (RHSA-2015:0094)
  • NASL family Windows
    NASL id SMB_KB3035034.NASL
    description The remote host is missing KB3035034. It is, therefore, affected by the following vulnerabilities : - A use-after-free error exists that allows an attacker to crash the application or execute arbitrary code. (CVE-2015-0311) - A double-free error exists that allows an attacker to crash the application or execute arbitrary code. (CVE-2015-0312)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 81046
    published 2015-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81046
    title MS KB3035034: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_GOOGLE_CHROME_40_0_2214_93.NASL
    description The version of Google Chrome installed on the remote Mac OS X host is prior to 40.0.2214.93. It is, therefore, affected by the following vulnerabilities : - A use-after-free error exists that allows an attacker to crash the application or execute arbitrary code. (CVE-2015-0311) - A double-free error exists that allows an attacker to crash the application or possibly execute arbitrary code. (CVE-2015-0312)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 81021
    published 2015-01-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81021
    title Google Chrome < 40.0.2214.93 Flash Player Multiple Remote Code Execution (Mac OS X)
refmap via4
bid 72343
confirm
sectrack 1031634
secunia
  • 62432
  • 62543
  • 62660
xf adobe-flash-cve20150312-code-exec(100394)
Last major update 18-02-2015 - 22:01
Published 28-01-2015 - 17:59
Last modified 07-09-2017 - 21:29
Back to Top