ID CVE-2015-0331
Summary Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.
References
Vulnerable Configurations
  • Adobe Flash Player 13.0.0.264
    cpe:2.3:a:adobe:flash_player:13.0.0.264
  • Adobe Flash Player 14.0.0.125
    cpe:2.3:a:adobe:flash_player:14.0.0.125
  • Adobe Flash Player 14.0.0.145
    cpe:2.3:a:adobe:flash_player:14.0.0.145
  • cpe:2.3:a:adobe:flash_player:14.0.0.176
    cpe:2.3:a:adobe:flash_player:14.0.0.176
  • Adobe Flash Player 15.0.0.189
    cpe:2.3:a:adobe:flash_player:15.0.0.189
  • cpe:2.3:a:adobe:flash_player:15.0.0.223
    cpe:2.3:a:adobe:flash_player:15.0.0.223
  • Adobe Flash Player 15.0.0.239
    cpe:2.3:a:adobe:flash_player:15.0.0.239
  • cpe:2.3:a:adobe:flash_player:15.0.0.246
    cpe:2.3:a:adobe:flash_player:15.0.0.246
  • cpe:2.3:a:adobe:flash_player:16.0.0.235
    cpe:2.3:a:adobe:flash_player:16.0.0.235
  • Adobe Flash Player 16.0.0.296
    cpe:2.3:a:adobe:flash_player:16.0.0.296
  • Adobe Flash Player 16.0.0.287
    cpe:2.3:a:adobe:flash_player:16.0.0.287
  • Adobe Flash Player 16.0.0.257
    cpe:2.3:a:adobe:flash_player:16.0.0.257
  • cpe:2.3:a:adobe:flash_player:14.0.0.179
    cpe:2.3:a:adobe:flash_player:14.0.0.179
  • cpe:2.3:a:adobe:flash_player:15.0.0.152
    cpe:2.3:a:adobe:flash_player:15.0.0.152
  • cpe:2.3:a:adobe:flash_player:15.0.0.167
    cpe:2.3:a:adobe:flash_player:15.0.0.167
  • Apple Mac OS X
    cpe:2.3:o:apple:mac_os_x
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
  • Adobe Flash Player 11.2.202.440
    cpe:2.3:a:adobe:flash_player:11.2.202.440
  • Linux Kernel
    cpe:2.3:o:linux:linux_kernel
CVSS
Base: 10.0 (as of 23-02-2015 - 13:27)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_GOOGLE_CHROME_40_0_2214_111.NASL
    description The version of Google Chrome installed on the remote Mac OS X host is prior to 40.0.2214.111. It is, therefore, affected by the following vulnerabilities : - Several use-after-free errors exist that allow arbitrary code execution. (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322) - Several memory corruption errors exist that allow arbitrary code execution. (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330) - Several type confusion errors exist that allow arbitrary code execution. (CVE-2015-0317, CVE-2015-0319) - Several heap-based buffer-overflow errors exist that allow arbitrary code execution. (CVE-2015-0323, CVE-2015-0327) - A buffer overflow error exists that allows arbitrary code execution. (CVE-2015-0324) - Several null pointer dereference errors exist that have unspecified impacts. (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328). - A user-after-free error exists within the processing of invalid m3u8 playlists. A remote attacker, with a specially crafted m3u8 playlist file, can force a dangling pointer to be reused after it has been freed, allowing the execution of arbitrary code. (CVE-2015-0331) - A use-after-free error exists related to the DOM component. (CVE-2015-1209) - A cross-origin bypass error exists related to the V8 JavaScript engine bindings. (CVE-2015-1210) - A privilege escalation error exists related to service workers. (CVE-2015-1211) - Various, unspecified errors exist. (CVE-2015-1212)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 81208
    published 2015-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81208
    title Google Chrome < 40.0.2214.111 Multiple Vulnerabilities (Mac OS X)
  • NASL family Windows
    NASL id FLASH_PLAYER_APSA15-02.NASL
    description According to its version, the Adobe Flash Player installed on the remote Windows host is equal or prior to 16.0.0.296. It is, therefore, affected by the following vulnerabilities : - Several use-after-free errors exist that allow arbitrary code execution. (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322) - Several memory corruption errors exist that allow arbitrary code execution. (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330) - Several type confusion errors exist that allow arbitrary code execution. (CVE-2015-0317, CVE-2015-0319) - Several heap-based buffer-overflow errors exist that allow arbitrary code execution. (CVE-2015-0323, CVE-2015-0327) - A buffer overflow error exists that allows arbitrary code execution. (CVE-2015-0324) - Several null pointer dereference errors exist that have unspecified impacts. (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328). - A user-after-free error exists within the processing of invalid m3u8 playlists. A remote attacker, with a specially crafted m3u8 playlist file, can force a dangling pointer to be reused after it has been freed, allowing the execution of arbitrary code. (CVE-2015-0331)
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 81127
    published 2015-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81127
    title Flash Player <= 16.0.0.296 Unspecified Code Execution (APSA15-02 / APSB15-04)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0140.NASL
    description An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-04 listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2015-0314, CVE-2015-0315, CVE-2015-0316, CVE-2015-0317, CVE-2015-0318, CVE-2015-0319, CVE-2015-0320, CVE-2015-0321, CVE-2015-0322, CVE-2015-0323, CVE-2015-0324, CVE-2015-0325, CVE-2015-0326, CVE-2015-0327, CVE-2015-0328, CVE-2015-0329, CVE-2015-0330) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.442.
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 81244
    published 2015-02-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81244
    title RHEL 5 / 6 : flash-plugin (RHSA-2015:0140)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FLASH_PLAYER_APSA15-02.NASL
    description According to its version, the Adobe Flash Player installed on the remote Mac OS X host is equal or prior to 16.0.0.296. It is, therefore, affected by the following vulnerabilities : - Several use-after-free errors exist that allow arbitrary code execution. (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322) - Several memory corruption errors exist that allow arbitrary code execution. (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330) - Several type confusion errors exist that allow arbitrary code execution. (CVE-2015-0317, CVE-2015-0319) - Several heap-based buffer-overflow errors exist that allow arbitrary code execution. (CVE-2015-0323, CVE-2015-0327) - A buffer overflow error exists that allows arbitrary code execution. (CVE-2015-0324) - Several null pointer dereference errors exist that have unspecified impacts. (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328). - A user-after-free error exists within the processing of invalid m3u8 playlists. A remote attacker, with a specially crafted m3u8 playlist file, can force a dangling pointer to be reused after it has been freed, allowing the execution of arbitrary code. (CVE-2015-0331)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 81128
    published 2015-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81128
    title Flash Player For Mac <= 16.0.0.296 Unspecified Code Execution (APSA15-02 / APSB15-04)
  • NASL family Windows
    NASL id SMB_KB3021953.NASL
    description The remote host is missing KB3021953. It is, therefore, affected by the following vulnerabilities : - Several use-after-free errors exist that allow arbitrary code execution. (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322) - Several memory corruption errors exist that allow arbitrary code execution. (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330) - Several type confusion errors exist that allow arbitrary code execution. (CVE-2015-0317, CVE-2015-0319) - Several heap-based buffer-overflow errors exist that allow arbitrary code execution. (CVE-2015-0323, CVE-2015-0327) - A buffer overflow error exists that allows arbitrary code execution. (CVE-2015-0324) - Several null pointer dereference errors exist that have unspecified impacts. (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328) - A user-after-free error exists within the processing of invalid m3u8 playlists. A remote attacker, with a specially crafted m3u8 playlist file, can force a dangling pointer to be reused after it has been freed, allowing the execution of arbitrary code. (CVE-2015-0331)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 81209
    published 2015-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81209
    title MS KB3021953: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
  • NASL family Windows
    NASL id GOOGLE_CHROME_40_0_2214_111.NASL
    description The version of Google Chrome installed on the remote Windows host is prior to 40.0.2214.111. It is, therefore, affected by the following vulnerabilities : - Several use-after-free errors exist that allow arbitrary code execution. (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322) - Several memory corruption errors exist that allow arbitrary code execution. (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330) - Several type confusion errors exist that allow arbitrary code execution. (CVE-2015-0317, CVE-2015-0319) - Several heap-based buffer-overflow errors exist that allow arbitrary code execution. (CVE-2015-0323, CVE-2015-0327) - A buffer overflow error exists that allows arbitrary code execution. (CVE-2015-0324) - Several null pointer dereference errors exist that have unspecified impacts. (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328). - A user-after-free error exists within the processing of invalid m3u8 playlists. A remote attacker, with a specially crafted m3u8 playlist file, can force a dangling pointer to be reused after it has been freed, allowing the execution of arbitrary code. (CVE-2015-0331) - A use-after-free error exists related to the DOM component. (CVE-2015-1209) - A cross-origin bypass error exists related to the V8 JavaScript engine bindings. (CVE-2015-1210) - A privilege escalation error exists related to service workers. (CVE-2015-1211) - Various, unspecified errors exist. (CVE-2015-1212)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 81207
    published 2015-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81207
    title Google Chrome < 40.0.2214.111 Multiple Vulnerabilities
redhat via4
advisories
bugzilla
id 1190068
title flash-plugin: multiple code execution flaws (APSB15-04)
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • comment flash-plugin is earlier than 0:11.2.202.442-1.el5
      oval oval:com.redhat.rhsa:tst:20150140002
    • comment flash-plugin is signed with Red Hat redhatrelease key
      oval oval:com.redhat.rhsa:tst:20070696003
  • AND
    • comment flash-plugin is earlier than 0:11.2.202.442-1.el6
      oval oval:com.redhat.rhsa:tst:20150140008
    • comment flash-plugin is signed with Red Hat redhatrelease2 key
      oval oval:com.redhat.rhsa:tst:20100867006
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
rhsa
id RHSA-2015:0140
released 2015-02-06
severity Critical
title RHSA-2015:0140: flash-plugin security update (Critical)
rpms
  • flash-plugin-0:11.2.202.442-1.el5
  • flash-plugin-0:11.2.202.442-1.el6
refmap via4
bid 72698
confirm https://helpx.adobe.com/security/products/flash-player/apsb15-04.html
suse openSUSE-SU-2015:0725
Last major update 02-01-2017 - 21:59
Published 21-02-2015 - 06:59
Back to Top