ID CVE-2015-8823
Summary Use-after-free vulnerability in the TextField object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted text property, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454, CVE-2015-8653, CVE-2015-8655, CVE-2015-8821, and CVE-2015-8822.
References
Vulnerable Configurations
  • cpe:2.3:o:microsoft:windows_8.0
    cpe:2.3:o:microsoft:windows_8.0
  • cpe:2.3:o:microsoft:windows_8.1
    cpe:2.3:o:microsoft:windows_8.1
  • Adobe Flash Player 19.0.0.245 for Internet Explorer
    cpe:2.3:a:adobe:flash_player:19.0.0.245:-:-:-:-:internet_explorer
  • Adobe Air 19.0.0.241
    cpe:2.3:a:adobe:air:19.0.0.241
  • Apple Mac OS X
    cpe:2.3:o:apple:mac_os_x
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
  • Adobe Flash Player Extended Support Release (ESR) 18.0.0.261
    cpe:2.3:a:adobe:flash_player:18.0.0.261:-:-:-:esr
  • Apple Mac OS X
    cpe:2.3:o:apple:mac_os_x
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
  • Adobe Flash Player 19.0.0.185
    cpe:2.3:a:adobe:flash_player:19.0.0.185
  • Adobe Flash Player 19.0.0.207
    cpe:2.3:a:adobe:flash_player:19.0.0.207
  • Adobe Flash Player 19.0.0.226
    cpe:2.3:a:adobe:flash_player:19.0.0.226
  • Adobe Flash Player 19.0.0.245
    cpe:2.3:a:adobe:flash_player:19.0.0.245
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
  • Apple Mac OS X
    cpe:2.3:o:apple:mac_os_x
  • Adobe AIR19.0.0.241 for Android
    cpe:2.3:a:adobe:air:19.0.0.241:-:-:-:-:android
  • Adobe Flash Player 19.0.0.245 for Chrome
    cpe:2.3:a:adobe:flash_player:19.0.0.245:-:-:-:-:chrome
  • cpe:2.3:o:google:chrome_os
    cpe:2.3:o:google:chrome_os
  • Linux Kernel
    cpe:2.3:o:linux:linux_kernel
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
  • Apple Mac OS X
    cpe:2.3:o:apple:mac_os_x
  • Adobe Flash Player 11.2.202.554
    cpe:2.3:a:adobe:flash_player:11.2.202.554
  • Linux Kernel
    cpe:2.3:o:linux:linux_kernel
  • cpe:2.3:o:microsoft:windows_10
    cpe:2.3:o:microsoft:windows_10
  • Adobe Flash Player 19.0.0.245 for Internet Explorer
    cpe:2.3:a:adobe:flash_player:19.0.0.245:-:-:-:-:internet_explorer
  • Adobe Flash Player 19.0.0.245 for Edge
    cpe:2.3:a:adobe:flash_player:19.0.0.245:-:-:-:-:edge
  • Adobe Air SDK 19.0.0.241
    cpe:2.3:a:adobe:air_sdk:19.0.0.241
  • cpe:2.3:o:apple:iphone_os
    cpe:2.3:o:apple:iphone_os
  • Google Android Operating System
    cpe:2.3:o:google:android
  • Apple Mac OS X
    cpe:2.3:o:apple:mac_os_x
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
  • Adobe Air SDK & Compiler 19.0.0.241
    cpe:2.3:a:adobe:air_sdk_%26_compiler:19.0.0.241
  • cpe:2.3:o:apple:iphone_os
    cpe:2.3:o:apple:iphone_os
  • Google Android Operating System
    cpe:2.3:o:google:android
  • Apple Mac OS X
    cpe:2.3:o:apple:mac_os_x
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
CVSS
Base: 9.3 (as of 26-05-2016 - 11:45)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2015-2593.NASL
description An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB15-32 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2015-8045, CVE-2015-8047, CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8060, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8407, CVE-2015-8408, CVE-2015-8409, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8415, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8438, CVE-2015-8439, CVE-2015-8440, CVE-2015-8441, CVE-2015-8442, CVE-2015-8443, CVE-2015-8444, CVE-2015-8445, CVE-2015-8446, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8451, CVE-2015-8452, CVE-2015-8453, CVE-2015-8454, CVE-2015-8455) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.554.
last seen 2019-02-21
modified 2018-12-27
plugin id 87304
published 2015-12-10
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=87304
title RHEL 5 / 6 : flash-plugin (RHSA-2015:2593)
redhat via4
advisories
bugzilla
id 1289771
title flash-plugin: multiple code execution issues fixed in APSB15-32
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • comment flash-plugin is earlier than 0:11.2.202.554-1.el5
      oval oval:com.redhat.rhsa:tst:20152593002
    • comment flash-plugin is signed with Red Hat redhatrelease key
      oval oval:com.redhat.rhsa:tst:20070696003
  • AND
    • comment flash-plugin is earlier than 0:11.2.202.554-1.el6_7
      oval oval:com.redhat.rhsa:tst:20152593008
    • comment flash-plugin is signed with Red Hat redhatrelease2 key
      oval oval:com.redhat.rhsa:tst:20100867006
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
rhsa
id RHSA-2015:2593
released 2015-12-09
severity Critical
title RHSA-2015:2593: flash-plugin security update (Critical)
rpms
  • flash-plugin-0:11.2.202.554-1.el5
  • flash-plugin-0:11.2.202.554-1.el6_7
refmap via4
confirm https://helpx.adobe.com/security/products/flash-player/apsb15-32.html
misc http://www.zerodayinitiative.com/advisories/ZDI-15-665
Last major update 26-05-2016 - 13:32
Published 22-04-2016 - 14:59
Back to Top