cvelistv5 - cve-2015-3097

CVE-2015-3097 (GCVE-0-2015-3097)

Vulnerability from cvelistv5

Published

2015-06-10 01:00

Modified

2024-08-06 05:39

Severity ?

CWE

Summary

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160, Adobe AIR before 18.0.0.144, Adobe AIR SDK before 18.0.0.144, and Adobe AIR SDK & Compiler before 18.0.0.144 on 64-bit Windows 7 systems do not properly select a random memory address for the Flash heap, which makes it easier for attackers to conduct unspecified attacks by predicting this address.

References

URL

Tags

psirt@adobe.com	http://www.securityfocus.com/bid/75090
psirt@adobe.com	http://www.securitytracker.com/id/1032519
psirt@adobe.com	http://www.securitytracker.com/id/1032810
psirt@adobe.com	https://helpx.adobe.com/security/products/flash-player/apsb15-11.html	Patch, Vendor Advisory
psirt@adobe.com	https://helpx.adobe.com/security/products/flash-player/apsb15-16.html	Patch, Vendor Advisory
psirt@adobe.com	https://security.gentoo.org/glsa/201506-01
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/75090
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032519
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032810
af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/flash-player/apsb15-11.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/flash-player/apsb15-16.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201506-01

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:39:31.571Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-11.html"
          },
          {
            "name": "1032810",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032810"
          },
          {
            "name": "1032519",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032519"
          },
          {
            "name": "GLSA-201506-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201506-01"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html"
          },
          {
            "name": "75090",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/75090"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-06-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160, Adobe AIR before 18.0.0.144, Adobe AIR SDK before 18.0.0.144, and Adobe AIR SDK \u0026 Compiler before 18.0.0.144 on 64-bit Windows 7 systems do not properly select a random memory address for the Flash heap, which makes it easier for attackers to conduct unspecified attacks by predicting this address."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-21T09:57:01",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-11.html"
        },
        {
          "name": "1032810",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032810"
        },
        {
          "name": "1032519",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032519"
        },
        {
          "name": "GLSA-201506-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201506-01"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html"
        },
        {
          "name": "75090",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/75090"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2015-3097",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160, Adobe AIR before 18.0.0.144, Adobe AIR SDK before 18.0.0.144, and Adobe AIR SDK \u0026 Compiler before 18.0.0.144 on 64-bit Windows 7 systems do not properly select a random memory address for the Flash heap, which makes it easier for attackers to conduct unspecified attacks by predicting this address."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-11.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-11.html"
            },
            {
              "name": "1032810",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032810"
            },
            {
              "name": "1032519",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032519"
            },
            {
              "name": "GLSA-201506-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201506-01"
            },
            {
              "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html"
            },
            {
              "name": "75090",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/75090"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2015-3097",
    "datePublished": "2015-06-10T01:00:00",
    "dateReserved": "2015-04-09T00:00:00",
    "dateUpdated": "2024-08-06T05:39:31.571Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-3097\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2015-06-10T01:59:40.703\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160, Adobe AIR before 18.0.0.144, Adobe AIR SDK before 18.0.0.144, and Adobe AIR SDK \u0026 Compiler before 18.0.0.144 on 64-bit Windows 7 systems do not properly select a random memory address for the Flash heap, which makes it easier for attackers to conduct unspecified attacks by predicting this address.\"},{\"lang\":\"es\",\"value\":\"Adobe Flash Player anterior a 13.0.0.292 y 14.x hasta 18.x anterior a 18.0.0.160, Adobe AIR anterior a 18.0.0.144, Adobe AIR SDK anterior a 18.0.0.144, y Adobe AIR SDK \u0026 Compiler anterior a 18.0.0.144 en los sistemas de Windows 7 de 64 bits no seleccionan correctamente una direcci\u00f3n de la memoria aleatoria para la memoria din\u00e1mica de Flash, lo que facilita a atacantes realizar ataques no especificadas mediante la predicci\u00f3n de esta direcci\u00f3n.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"17.0.0.172\",\"matchCriteriaId\":\"A4D3CA52-FE42-4B46-92FF-E8B027F586BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"17.0.0.172\",\"matchCriteriaId\":\"7F5DDA65-B2BF-4299-9A1E-C61BB08A70FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:air_sdk_\\\\\u0026_compiler:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"17.0.0.172\",\"matchCriteriaId\":\"2E9D89B2-3A2E-406F-8DD4-19078091E7F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"13.0.0.289\",\"matchCriteriaId\":\"E2E515D4-87A7-4CB5-8C91-0A95BE8F283B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5D7202D-56DF-400B-9F09-E7D9938222D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D4F0D21-A64B-46C1-9591-96529661DF0B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"86961019-3B81-458E-949F-A2F006EA55FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25895BE9-71FD-4DE7-90FC-0199470A8738\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D55A950-7D48-413C-AD43-6AC64FBE790C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1A22B74-453D-4A8A-B79A-2B3143A0D995\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3FE4B077-67D1-4B25-976E-715FB6B2A1D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFC91B68-6B35-47BD-BC02-3F836E772CF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3BE6004-C30A-46E2-9F25-785E12BBF640\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFE8E51F-7A32-41A4-B03A-73E52EB64C04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E13E927-A77C-4681-AFDE-A5A14093234D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27629FF0-5EB9-476F-B5B3-115F663AB65E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0AB583F-3EBD-47B6-975E-7754CC32CCA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B58DE1A9-0510-4B65-AB18-75F9263A7818\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BC4FAD0-4A54-4EDF-BE39-28138B34E719\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE1FBC20-3DE6-4426-9E97-42AFCEF8CEE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:flash_player:17.0.0.188:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40EF2221-DE87-4D8F-B92D-8FD21EEBEABA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:x64:*\",\"matchCriteriaId\":\"DEB02D84-ADC8-4297-B388-D5BDA4EB4B82\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/75090\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.securitytracker.com/id/1032519\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.securitytracker.com/id/1032810\",\"source\":\"psirt@adobe.com\"},{\"url\":\"https://helpx.adobe.com/security/products/flash-player/apsb15-11.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://helpx.adobe.com/security/products/flash-player/apsb15-16.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201506-01\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.securityfocus.com/bid/75090\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1032519\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1032810\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://helpx.adobe.com/security/products/flash-player/apsb15-11.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://helpx.adobe.com/security/products/flash-player/apsb15-16.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201506-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

fkie_cve-2015-3097

Vulnerability from fkie_nvd

Published

2015-06-10 01:59

Modified

2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
psirt@adobe.com	http://www.securityfocus.com/bid/75090
psirt@adobe.com	http://www.securitytracker.com/id/1032519
psirt@adobe.com	http://www.securitytracker.com/id/1032810
psirt@adobe.com	https://helpx.adobe.com/security/products/flash-player/apsb15-11.html	Patch, Vendor Advisory
psirt@adobe.com	https://helpx.adobe.com/security/products/flash-player/apsb15-16.html	Patch, Vendor Advisory
psirt@adobe.com	https://security.gentoo.org/glsa/201506-01
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/75090
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032519
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032810
af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/flash-player/apsb15-11.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/flash-player/apsb15-16.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201506-01

Impacted products

Vendor	Product	Version
adobe	air	*
adobe	air_sdk	*
adobe	air_sdk_\&_compiler	*
adobe	flash_player	*
adobe	flash_player	14.0.0.125
adobe	flash_player	14.0.0.145
adobe	flash_player	14.0.0.176
adobe	flash_player	14.0.0.179
adobe	flash_player	15.0.0.152
adobe	flash_player	15.0.0.167
adobe	flash_player	15.0.0.189
adobe	flash_player	15.0.0.223
adobe	flash_player	15.0.0.239
adobe	flash_player	15.0.0.246
adobe	flash_player	16.0.0.235
adobe	flash_player	16.0.0.257
adobe	flash_player	16.0.0.287
adobe	flash_player	16.0.0.296
adobe	flash_player	17.0.0.134
adobe	flash_player	17.0.0.169
adobe	flash_player	17.0.0.188
microsoft	windows_7	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4D3CA52-FE42-4B46-92FF-E8B027F586BF",
              "versionEndIncluding": "17.0.0.172",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F5DDA65-B2BF-4299-9A1E-C61BB08A70FB",
              "versionEndIncluding": "17.0.0.172",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:air_sdk_\\\u0026_compiler:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E9D89B2-3A2E-406F-8DD4-19078091E7F5",
              "versionEndIncluding": "17.0.0.172",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E515D4-87A7-4CB5-8C91-0A95BE8F283B",
              "versionEndIncluding": "13.0.0.289",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5D7202D-56DF-400B-9F09-E7D9938222D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D4F0D21-A64B-46C1-9591-96529661DF0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*",
              "matchCriteriaId": "86961019-3B81-458E-949F-A2F006EA55FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*",
              "matchCriteriaId": "25895BE9-71FD-4DE7-90FC-0199470A8738",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D55A950-7D48-413C-AD43-6AC64FBE790C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1A22B74-453D-4A8A-B79A-2B3143A0D995",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FE4B077-67D1-4B25-976E-715FB6B2A1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFC91B68-6B35-47BD-BC02-3F836E772CF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3BE6004-C30A-46E2-9F25-785E12BBF640",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFE8E51F-7A32-41A4-B03A-73E52EB64C04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E13E927-A77C-4681-AFDE-A5A14093234D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*",
              "matchCriteriaId": "27629FF0-5EB9-476F-B5B3-115F663AB65E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0AB583F-3EBD-47B6-975E-7754CC32CCA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58DE1A9-0510-4B65-AB18-75F9263A7818",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BC4FAD0-4A54-4EDF-BE39-28138B34E719",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE1FBC20-3DE6-4426-9E97-42AFCEF8CEE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:17.0.0.188:*:*:*:*:*:*:*",
              "matchCriteriaId": "40EF2221-DE87-4D8F-B92D-8FD21EEBEABA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:x64:*",
              "matchCriteriaId": "DEB02D84-ADC8-4297-B388-D5BDA4EB4B82",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160, Adobe AIR before 18.0.0.144, Adobe AIR SDK before 18.0.0.144, and Adobe AIR SDK \u0026 Compiler before 18.0.0.144 on 64-bit Windows 7 systems do not properly select a random memory address for the Flash heap, which makes it easier for attackers to conduct unspecified attacks by predicting this address."
    },
    {
      "lang": "es",
      "value": "Adobe Flash Player anterior a 13.0.0.292 y 14.x hasta 18.x anterior a 18.0.0.160, Adobe AIR anterior a 18.0.0.144, Adobe AIR SDK anterior a 18.0.0.144, y Adobe AIR SDK \u0026 Compiler anterior a 18.0.0.144 en los sistemas de Windows 7 de 64 bits no seleccionan correctamente una direcci\u00f3n de la memoria aleatoria para la memoria din\u00e1mica de Flash, lo que facilita a atacantes realizar ataques no especificadas mediante la predicci\u00f3n de esta direcci\u00f3n."
    }
  ],
  "id": "CVE-2015-3097",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-06-10T01:59:40.703",
  "references": [
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securityfocus.com/bid/75090"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securitytracker.com/id/1032519"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securitytracker.com/id/1032810"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-11.html"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://security.gentoo.org/glsa/201506-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/75090"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032519"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032810"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-11.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201506-01"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2015-3097

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2015-3097

Aliases

CVE-2015-3097

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-3097",
    "description": "Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160, Adobe AIR before 18.0.0.144, Adobe AIR SDK before 18.0.0.144, and Adobe AIR SDK \u0026 Compiler before 18.0.0.144 on 64-bit Windows 7 systems do not properly select a random memory address for the Flash heap, which makes it easier for attackers to conduct unspecified attacks by predicting this address.",
    "id": "GSD-2015-3097",
    "references": [
      "https://www.suse.com/security/cve/CVE-2015-3097.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-3097"
      ],
      "details": "Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160, Adobe AIR before 18.0.0.144, Adobe AIR SDK before 18.0.0.144, and Adobe AIR SDK \u0026 Compiler before 18.0.0.144 on 64-bit Windows 7 systems do not properly select a random memory address for the Flash heap, which makes it easier for attackers to conduct unspecified attacks by predicting this address.",
      "id": "GSD-2015-3097",
      "modified": "2023-12-13T01:20:07.717453Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@adobe.com",
        "ID": "CVE-2015-3097",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160, Adobe AIR before 18.0.0.144, Adobe AIR SDK before 18.0.0.144, and Adobe AIR SDK \u0026 Compiler before 18.0.0.144 on 64-bit Windows 7 systems do not properly select a random memory address for the Flash heap, which makes it easier for attackers to conduct unspecified attacks by predicting this address."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-11.html",
            "refsource": "CONFIRM",
            "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-11.html"
          },
          {
            "name": "1032810",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032810"
          },
          {
            "name": "1032519",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032519"
          },
          {
            "name": "GLSA-201506-01",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201506-01"
          },
          {
            "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html",
            "refsource": "CONFIRM",
            "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html"
          },
          {
            "name": "75090",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/75090"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "13.0.0.289",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:17.0.0.188:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:air_sdk_\\\u0026_compiler:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "17.0.0.172",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "17.0.0.172",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "17.0.0.172",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:*:*:*:*:*:*:x64:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2015-3097"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160, Adobe AIR before 18.0.0.144, Adobe AIR SDK before 18.0.0.144, and Adobe AIR SDK \u0026 Compiler before 18.0.0.144 on 64-bit Windows 7 systems do not properly select a random memory address for the Flash heap, which makes it easier for attackers to conduct unspecified attacks by predicting this address."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-11.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-11.html"
            },
            {
              "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html"
            },
            {
              "name": "75090",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/75090"
            },
            {
              "name": "GLSA-201506-01",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/201506-01"
            },
            {
              "name": "1032519",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1032519"
            },
            {
              "name": "1032810",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1032810"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-09-22T01:29Z",
      "publishedDate": "2015-06-10T01:59Z"
    }
  }
}

CERTFR-2015-AVI-284

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Adobe Flash Player. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Adobe	N/A	AIR Desktop Runtime 18.0.0.144 et versions antérieures
Adobe	N/A	Adobe Flash Player Extended Support Release 13.0.0.296 et versions antérieures
Adobe	N/A	AIR SDK 18.0.0.144 et versions antérieures
Adobe	N/A	Adobe Flash Player Desktop Runtime 18.0.0.194 et versions antérieures
Adobe	N/A	Adobe Flash Player 11.2.202.468 et versions antérieures pour Linux
Adobe	N/A	AIR SDK & Compiler 18.0.0.144 et versions antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe du 08 juillet 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "AIR Desktop Runtime 18.0.0.144 et versions ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player Extended Support Release 13.0.0.296 et versions ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "AIR SDK 18.0.0.144 et versions ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player Desktop Runtime 18.0.0.194 et versions ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player 11.2.202.468 et versions ant\u00e9rieures pour Linux",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "AIR SDK \u0026 Compiler 18.0.0.144 et versions ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-4431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4431"
    },
    {
      "name": "CVE-2015-5118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5118"
    },
    {
      "name": "CVE-2015-3123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3123"
    },
    {
      "name": "CVE-2015-3137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3137"
    },
    {
      "name": "CVE-2015-3125",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3125"
    },
    {
      "name": "CVE-2015-3119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3119"
    },
    {
      "name": "CVE-2015-3117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3117"
    },
    {
      "name": "CVE-2015-3122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3122"
    },
    {
      "name": "CVE-2015-4432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4432"
    },
    {
      "name": "CVE-2015-3134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3134"
    },
    {
      "name": "CVE-2015-5119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5119"
    },
    {
      "name": "CVE-2015-3127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3127"
    },
    {
      "name": "CVE-2015-3129",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3129"
    },
    {
      "name": "CVE-2015-3097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3097"
    },
    {
      "name": "CVE-2015-4430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4430"
    },
    {
      "name": "CVE-2015-3135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3135"
    },
    {
      "name": "CVE-2015-4429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4429"
    },
    {
      "name": "CVE-2015-3120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3120"
    },
    {
      "name": "CVE-2015-3114",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3114"
    },
    {
      "name": "CVE-2015-3132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3132"
    },
    {
      "name": "CVE-2015-3130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3130"
    },
    {
      "name": "CVE-2015-3116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3116"
    },
    {
      "name": "CVE-2015-5116",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5116"
    },
    {
      "name": "CVE-2015-5117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5117"
    },
    {
      "name": "CVE-2015-3133",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3133"
    },
    {
      "name": "CVE-2015-3131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3131"
    },
    {
      "name": "CVE-2015-3128",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3128"
    },
    {
      "name": "CVE-2015-4428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4428"
    },
    {
      "name": "CVE-2015-3124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3124"
    },
    {
      "name": "CVE-2015-3118",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3118"
    },
    {
      "name": "CVE-2015-4433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4433"
    },
    {
      "name": "CVE-2015-0578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0578"
    },
    {
      "name": "CVE-2015-3126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3126"
    },
    {
      "name": "CVE-2015-3121",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3121"
    },
    {
      "name": "CVE-2015-3115",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3115"
    },
    {
      "name": "CVE-2015-3136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3136"
    }
  ],
  "initial_release_date": "2015-07-08T00:00:00",
  "last_revision_date": "2015-07-08T00:00:00",
  "links": [],
  "reference": "CERTFR-2015-AVI-284",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-07-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eAdobe Flash Player\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Flash Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe du 08 juillet 2015",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html"
    }
  ]
}

CERTFR-2015-AVI-253

Vulnerability from certfr_avis

De multiples vulnérabilités ont été corrigées dans Adobe Flash Player. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Adobe	N/A	Adobe Flash Player version 11.2.202.460 et antérieures (pour linux)
	Adobe	N/A	Adobe Flash Player version 17.0.0.188 et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe apsb15-11 du 09 juin 2015

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Adobe Flash Player version 11.2.202.460 et ant\u00e9rieures (pour linux)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Adobe Flash Player version 17.0.0.188 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-3108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3108"
    },
    {
      "name": "CVE-2015-3098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3098"
    },
    {
      "name": "CVE-2015-3103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3103"
    },
    {
      "name": "CVE-2015-3099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3099"
    },
    {
      "name": "CVE-2015-3096",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3096"
    },
    {
      "name": "CVE-2015-3104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3104"
    },
    {
      "name": "CVE-2015-3097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3097"
    },
    {
      "name": "CVE-2015-3102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3102"
    },
    {
      "name": "CVE-2015-3106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3106"
    },
    {
      "name": "CVE-2015-3107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3107"
    },
    {
      "name": "CVE-2015-3101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3101"
    },
    {
      "name": "CVE-2015-3100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3100"
    },
    {
      "name": "CVE-2015-3105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3105"
    }
  ],
  "initial_release_date": "2015-06-11T00:00:00",
  "last_revision_date": "2015-06-11T00:00:00",
  "links": [],
  "reference": "CERTFR-2015-AVI-253",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-06-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eAdobe Flash Player\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Flash Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe apsb15-11 du 09 juin 2015",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-11.html"
    }
  ]
}

cnvd-2015-03777

Vulnerability from cnvd

Title

Adobe Flash Player ASLR防护绕过漏洞

Description

Adobe Flash Player是一款Flash文件处理程序。 Adobe Flash Player存在安全漏洞，允许远程攻击者利用漏洞绕过Flash堆内存的内存地址随机化限制，可执行未授权操作。 64的windows 7系统受此漏洞影响。

Severity

中

Patch Name

Adobe Flash Player ASLR防护绕过漏洞的补丁

Patch Description

Adobe Flash Player是一款Flash文件处理程序。 Adobe Flash Player存在安全漏洞，允许远程攻击者利用漏洞绕过Flash堆内存的内存地址随机化限制，可执行未授权操作。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全公告获取补丁以修复该漏洞： https://helpx.adobe.com/security/products/flash-player/apsb15-11.html

Reference

https://helpx.adobe.com/security/products/flash-player/apsb15-11.html

Impacted products

Name
['Adobe Flash Player(for Windows and Macintosh) <= 17.0.0.188', 'Adobe Flash Player 13.0.0.289', 'Adobe Flash Player(for Windows and Macintosh) < 13.x', 'Adobe Flash Player 11.2.202.460', 'Adobe Flash Player（for Linux） < 11.x', 'Adobe AIR desktop runtime 17.0.0.172', 'Adobe AIR( for Android) 17.0.0.144', 'Adobe AIR SDK and SDK & Compiler 17.0.0.172']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-3097"
    }
  },
  "description": "Adobe Flash Player\u662f\u4e00\u6b3eFlash\u6587\u4ef6\u5904\u7406\u7a0b\u5e8f\u3002\r\n\r\nAdobe Flash Player\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u7ed5\u8fc7Flash\u5806\u5185\u5b58\u7684\u5185\u5b58\u5730\u5740\u968f\u673a\u5316\u9650\u5236\uff0c\u53ef\u6267\u884c\u672a\u6388\u6743\u64cd\u4f5c\u3002\r\n64\u7684windows 7\u7cfb\u7edf\u53d7\u6b64\u6f0f\u6d1e\u5f71\u54cd\u3002",
  "discovererName": "Chris Evans of Google Project Zero",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://helpx.adobe.com/security/products/flash-player/apsb15-11.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-03777",
  "openTime": "2015-06-12",
  "patchDescription": "Adobe Flash Player\u662f\u4e00\u6b3eFlash\u6587\u4ef6\u5904\u7406\u7a0b\u5e8f\u3002 \r\n\r\nAdobe Flash Player\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u7ed5\u8fc7Flash\u5806\u5185\u5b58\u7684\u5185\u5b58\u5730\u5740\u968f\u673a\u5316\u9650\u5236\uff0c\u53ef\u6267\u884c\u672a\u6388\u6743\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Adobe Flash Player ASLR\u9632\u62a4\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Adobe Flash Player(for Windows and Macintosh) \u003c= 17.0.0.188",
      "Adobe Flash Player 13.0.0.289",
      "Adobe Flash Player(for Windows and Macintosh) \u003c 13.x",
      "Adobe Flash Player 11.2.202.460",
      "Adobe Flash Player\uff08for Linux\uff09 \u003c 11.x",
      "Adobe AIR desktop runtime 17.0.0.172",
      "Adobe AIR( for Android) 17.0.0.144",
      "Adobe AIR SDK and SDK \u0026 Compiler 17.0.0.172"
    ]
  },
  "referenceLink": "https://helpx.adobe.com/security/products/flash-player/apsb15-11.html",
  "serverity": "\u4e2d",
  "submitTime": "2015-06-10",
  "title": "Adobe Flash Player ASLR\u9632\u62a4\u7ed5\u8fc7\u6f0f\u6d1e"
}

ghsa-5g7h-j329-988v

Vulnerability from github

Published

2022-05-17 00:49

Modified

2022-05-17 00:49

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-3097"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-06-10T01:59:00Z",
    "severity": "MODERATE"
  },
  "details": "Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160, Adobe AIR before 18.0.0.144, Adobe AIR SDK before 18.0.0.144, and Adobe AIR SDK \u0026 Compiler before 18.0.0.144 on 64-bit Windows 7 systems do not properly select a random memory address for the Flash heap, which makes it easier for attackers to conduct unspecified attacks by predicting this address.",
  "id": "GHSA-5g7h-j329-988v",
  "modified": "2022-05-17T00:49:47Z",
  "published": "2022-05-17T00:49:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3097"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-11.html"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201506-01"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/75090"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032519"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032810"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2015-3097 (GCVE-0-2015-3097)

Vulnerability from cvelistv5

fkie_cve-2015-3097

Vulnerability from fkie_nvd

gsd-2015-3097

Vulnerability from gsd

CERTFR-2015-AVI-284

Vulnerability from certfr_avis

Contournement provisoire

CERTFR-2015-AVI-253

Vulnerability from certfr_avis

Solution

cnvd-2015-03777

Vulnerability from cnvd

ghsa-5g7h-j329-988v

Vulnerability from github

Tags

Sightings

Nomenclature