1. CVE-Search
  2. CVE-2015-0326
ID CVE-2015-0326
Summary Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2015-0325 and CVE-2015-0328.
References
Vulnerable Configurations
  • Adobe Flash Player 13.0.0.264
    cpe:2.3:a:adobe:flash_player:13.0.0.264
  • Adobe Flash Player 14.0.0.125
    cpe:2.3:a:adobe:flash_player:14.0.0.125
  • Adobe Flash Player 14.0.0.145
    cpe:2.3:a:adobe:flash_player:14.0.0.145
  • Adobe Flash Player 14.0.0.176
    cpe:2.3:a:adobe:flash_player:14.0.0.176
  • Adobe Flash Player 15.0.0.189
    cpe:2.3:a:adobe:flash_player:15.0.0.189
  • Adobe Flash Player 15.0.0.223
    cpe:2.3:a:adobe:flash_player:15.0.0.223
  • Adobe Flash Player 15.0.0.239
    cpe:2.3:a:adobe:flash_player:15.0.0.239
  • Adobe Flash Player 15.0.0.246
    cpe:2.3:a:adobe:flash_player:15.0.0.246
  • Adobe Flash Player 16.0.0.235
    cpe:2.3:a:adobe:flash_player:16.0.0.235
  • Adobe Flash Player 16.0.0.296
    cpe:2.3:a:adobe:flash_player:16.0.0.296
  • Adobe Flash Player 16.0.0.287
    cpe:2.3:a:adobe:flash_player:16.0.0.287
  • Adobe Flash Player 16.0.0.257
    cpe:2.3:a:adobe:flash_player:16.0.0.257
  • Adobe Flash Player 14.0.0.179
    cpe:2.3:a:adobe:flash_player:14.0.0.179
  • Adobe Flash Player 15.0.0.152
    cpe:2.3:a:adobe:flash_player:15.0.0.152
  • Adobe Flash Player 15.0.0.167
    cpe:2.3:a:adobe:flash_player:15.0.0.167
  • Apple Mac OS X
    cpe:2.3:o:apple:mac_os_x
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
  • Adobe Flash Player 11.2.202.440
    cpe:2.3:a:adobe:flash_player:11.2.202.440
  • Linux Kernel
    cpe:2.3:o:linux:linux_kernel
CVSS
Base: 10.0 (as of 06-02-2015 - 10:39)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_FLASH-PLAYER-150206.NASL
    description flash-player was updated to version 11.2.202.442 to fix 18 security issues. These security issues were fixed: - Use-after-free vulnerabilities that could lead to code execution (CVE-2015-0313 / CVE-2015-0315 / CVE-2015-0320 / CVE-2015-0322). - Memory corruption vulnerabilities that could lead to code execution (CVE-2015-0314 / CVE-2015-0316 / CVE-2015-0318 / CVE-2015-0321 / CVE-2015-0329 / CVE-2015-0330). - Type confusion vulnerabilities that could lead to code execution (CVE-2015-0317 / CVE-2015-0319). - Heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-0323 / CVE-2015-0327). - Buffer overflow vulnerability that could lead to code execution (CVE-2015-0324). - NULL pointer dereference issues. (CVE-2015-0325 / CVE-2015-0326 / CVE-2015-0328) More information is available at https://helpx.adobe.com/security/products/flash-player/apsb15-04.html
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 81245
    published 2015-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81245
    title SuSE 11.3 Security Update : flash-player, flash-player-gnome, flash-player-kde4 (SAT Patch Number 10287)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201502-02.NASL
    description The remote host is affected by the vulnerability described in GLSA-201502-02 (Adobe Flash Player: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information or bypass security restrictions. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2015-04-13
    plugin id 81225
    published 2015-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81225
    title GLSA-201502-02 : Adobe Flash Player: Multiple vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_GOOGLE_CHROME_40_0_2214_111.NASL
    description The version of Google Chrome installed on the remote Mac OS X host is prior to 40.0.2214.111. It is, therefore, affected by the following vulnerabilities : - Several use-after-free errors exist that allow arbitrary code execution. (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322) - Several memory corruption errors exist that allow arbitrary code execution. (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330) - Several type confusion errors exist that allow arbitrary code execution. (CVE-2015-0317, CVE-2015-0319) - Several heap-based buffer-overflow errors exist that allow arbitrary code execution. (CVE-2015-0323, CVE-2015-0327) - A buffer overflow error exists that allows arbitrary code execution. (CVE-2015-0324) - Several null pointer dereference errors exist that have unspecified impacts. (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328). - A user-after-free error exists within the processing of invalid m3u8 playlists. A remote attacker, with a specially crafted m3u8 playlist file, can force a dangling pointer to be reused after it has been freed, allowing the execution of arbitrary code. (CVE-2015-0331) - A use-after-free error exists related to the DOM component. (CVE-2015-1209) - A cross-origin bypass error exists related to the V8 JavaScript engine bindings. (CVE-2015-1210) - A privilege escalation error exists related to service workers. (CVE-2015-1211) - Various, unspecified errors exist. (CVE-2015-1212)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 81208
    published 2015-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81208
    title Google Chrome < 40.0.2214.111 Multiple Vulnerabilities (Mac OS X)
  • NASL family Windows
    NASL id FLASH_PLAYER_APSA15-02.NASL
    description According to its version, the Adobe Flash Player installed on the remote Windows host is equal or prior to 16.0.0.296. It is, therefore, affected by the following vulnerabilities : - Several use-after-free errors exist that allow arbitrary code execution. (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322) - Several memory corruption errors exist that allow arbitrary code execution. (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330) - Several type confusion errors exist that allow arbitrary code execution. (CVE-2015-0317, CVE-2015-0319) - Several heap-based buffer-overflow errors exist that allow arbitrary code execution. (CVE-2015-0323, CVE-2015-0327) - A buffer overflow error exists that allows arbitrary code execution. (CVE-2015-0324) - Several null pointer dereference errors exist that have unspecified impacts. (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328). - A user-after-free error exists within the processing of invalid m3u8 playlists. A remote attacker, with a specially crafted m3u8 playlist file, can force a dangling pointer to be reused after it has been freed, allowing the execution of arbitrary code. (CVE-2015-0331)
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 81127
    published 2015-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81127
    title Flash Player <= 16.0.0.296 Unspecified Code Execution (APSA15-02 / APSB15-04)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0140.NASL
    description An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-04 listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2015-0314, CVE-2015-0315, CVE-2015-0316, CVE-2015-0317, CVE-2015-0318, CVE-2015-0319, CVE-2015-0320, CVE-2015-0321, CVE-2015-0322, CVE-2015-0323, CVE-2015-0324, CVE-2015-0325, CVE-2015-0326, CVE-2015-0327, CVE-2015-0328, CVE-2015-0329, CVE-2015-0330) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.442.
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 81244
    published 2015-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81244
    title RHEL 5 / 6 : flash-plugin (RHSA-2015:0140)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FLASH_PLAYER_APSA15-02.NASL
    description According to its version, the Adobe Flash Player installed on the remote Mac OS X host is equal or prior to 16.0.0.296. It is, therefore, affected by the following vulnerabilities : - Several use-after-free errors exist that allow arbitrary code execution. (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322) - Several memory corruption errors exist that allow arbitrary code execution. (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330) - Several type confusion errors exist that allow arbitrary code execution. (CVE-2015-0317, CVE-2015-0319) - Several heap-based buffer-overflow errors exist that allow arbitrary code execution. (CVE-2015-0323, CVE-2015-0327) - A buffer overflow error exists that allows arbitrary code execution. (CVE-2015-0324) - Several null pointer dereference errors exist that have unspecified impacts. (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328). - A user-after-free error exists within the processing of invalid m3u8 playlists. A remote attacker, with a specially crafted m3u8 playlist file, can force a dangling pointer to be reused after it has been freed, allowing the execution of arbitrary code. (CVE-2015-0331)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 81128
    published 2015-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81128
    title Flash Player For Mac <= 16.0.0.296 Unspecified Code Execution (APSA15-02 / APSB15-04)
  • NASL family Windows
    NASL id SMB_KB3021953.NASL
    description The remote host is missing KB3021953. It is, therefore, affected by the following vulnerabilities : - Several use-after-free errors exist that allow arbitrary code execution. (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322) - Several memory corruption errors exist that allow arbitrary code execution. (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330) - Several type confusion errors exist that allow arbitrary code execution. (CVE-2015-0317, CVE-2015-0319) - Several heap-based buffer-overflow errors exist that allow arbitrary code execution. (CVE-2015-0323, CVE-2015-0327) - A buffer overflow error exists that allows arbitrary code execution. (CVE-2015-0324) - Several null pointer dereference errors exist that have unspecified impacts. (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328) - A user-after-free error exists within the processing of invalid m3u8 playlists. A remote attacker, with a specially crafted m3u8 playlist file, can force a dangling pointer to be reused after it has been freed, allowing the execution of arbitrary code. (CVE-2015-0331)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 81209
    published 2015-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81209
    title MS KB3021953: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
  • NASL family Windows
    NASL id GOOGLE_CHROME_40_0_2214_111.NASL
    description The version of Google Chrome installed on the remote Windows host is prior to 40.0.2214.111. It is, therefore, affected by the following vulnerabilities : - Several use-after-free errors exist that allow arbitrary code execution. (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322) - Several memory corruption errors exist that allow arbitrary code execution. (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330) - Several type confusion errors exist that allow arbitrary code execution. (CVE-2015-0317, CVE-2015-0319) - Several heap-based buffer-overflow errors exist that allow arbitrary code execution. (CVE-2015-0323, CVE-2015-0327) - A buffer overflow error exists that allows arbitrary code execution. (CVE-2015-0324) - Several null pointer dereference errors exist that have unspecified impacts. (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328). - A user-after-free error exists within the processing of invalid m3u8 playlists. A remote attacker, with a specially crafted m3u8 playlist file, can force a dangling pointer to be reused after it has been freed, allowing the execution of arbitrary code. (CVE-2015-0331) - A use-after-free error exists related to the DOM component. (CVE-2015-1209) - A cross-origin bypass error exists related to the V8 JavaScript engine bindings. (CVE-2015-1210) - A privilege escalation error exists related to service workers. (CVE-2015-1211) - Various, unspecified errors exist. (CVE-2015-1212)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 81207
    published 2015-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81207
    title Google Chrome < 40.0.2214.111 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-118.NASL
    description flash-player was updated to version 11.2.202.442 to fix 18 security issues. These security issues were fixed : - Use-after-free vulnerabilities that could lead to code execution (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322). - Memory corruption vulnerabilities that could lead to code execution (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330). - Type confusion vulnerabilities that could lead to code execution (CVE-2015-0317, CVE-2015-0319). - Heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-0323, CVE-2015-0327). - Buffer overflow vulnerability that could lead to code execution (CVE-2015-0324). - NULL pointer dereference issues (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328). More information is available at https://helpx.adobe.com/security/products/flash-player/apsb15-04.html
    last seen 2019-02-21
    modified 2015-11-16
    plugin id 81243
    published 2015-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81243
    title openSUSE Security Update : flash-player (openSUSE-2015-118)
redhat via4
advisories
rhsa
id RHSA-2015:0140
refmap via4
bid 72514
confirm
gentoo GLSA-201502-02
sectrack 1031706
secunia
  • 62886
  • 62895
suse
  • SUSE-SU-2015:0236
  • SUSE-SU-2015:0239
  • openSUSE-SU-2015:0237
  • openSUSE-SU-2015:0238
xf adobe-flash-cve20150326-dos(100712)
Last major update 20-02-2015 - 22:02
Published 05-02-2015 - 19:59
Last modified 07-09-2017 - 21:29
Back to Top