var-201508-0071
Vulnerability from variot
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565. This vulnerability CVE-2015-5127 , CVE-2015-5130 , CVE-2015-5134 , CVE-2015-5539 , CVE-2015-5540 , CVE-2015-5550 , CVE-2015-5551 , CVE-2015-5556 , CVE-2015-5557 , CVE-2015-5559 , CVE-2015-5561 , CVE-2015-5563 , CVE-2015-5564 ,and CVE-2015-5565 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. A use-after-free vulnerability exists in several Adobe products. The following products and versions are affected: Adobe Flash Player Desktop Runtime 18.0.0.209 and earlier versions and Adobe Flash Player Extended Support Release 13.0.0.309 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player for Windows, Macintosh and Linux platforms Google Chrome 18.0.0.209 and earlier, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 on Windows 10 18.0.0.209 and earlier, Adobe Flash Player for Internet Explorer 10 and 11 18.0.0.209 on Windows 8.0 and 8.1 and previous versions, Adobe Flash Player for Linux 11.2.202.491 and previous versions based on Linux platforms, AIR Desktop Runtime 18.0.0.180 and previous versions based on Windows and Macintosh platforms, and AIR SDK 18.0 based on Windows, Macintosh, Android and iOS platforms. 0.180 and earlier and AIR SDK & Compiler 18.0.0.180 and earlier
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0071", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "air sdk \\& compiler", scope: "lte", trust: 1, vendor: "adobe", version: "18.0.0.180", }, { model: "air sdk", scope: "lte", trust: 1, vendor: "adobe", version: "18.0.0.180", }, { model: "flash player", scope: "lte", trust: 1, vendor: "adobe", version: "11.2.202.491", }, { model: "air", scope: "lte", trust: 1, vendor: "adobe", version: "18.0.0.180", }, { model: "flash player", scope: "lte", trust: 1, vendor: "adobe", version: "18.0.0.209", }, { model: "chrome", scope: null, trust: 0.8, vendor: "google", version: null, }, { model: "air", scope: "lt", trust: 0.8, vendor: "adobe", version: "desktop runtime 18.0.0.199 (windows/macintosh)", }, { model: "air sdk", scope: "lt", trust: 0.8, vendor: "adobe", version: "18.0.0.199 (windows/macintosh/android/ios)", }, { model: "air sdk & compiler", scope: "lt", trust: 0.8, vendor: "adobe", version: "18.0.0.199 (windows/macintosh/android/ios)", }, { model: "flash player", scope: "lt", trust: 0.8, vendor: "adobe", version: "11.2.202.508 (linux)", }, { model: "flash player", scope: "lt", trust: 0.8, vendor: "adobe", version: "18.0.0.232 (internet explorer 10/11)", }, { model: "flash player", scope: "lt", trust: 0.8, vendor: "adobe", version: "18.0.0.232 (microsoft edge)", }, { model: "flash player", scope: "lt", trust: 0.8, vendor: "adobe", version: "18.0.0.232 (windows/macintosh edition chrome)", }, { model: "flash player", scope: "lt", trust: 0.8, vendor: "adobe", version: "18.0.0.233 (linux/chrome os edition chrome)", }, { model: "flash player", scope: "lt", trust: 0.8, vendor: "adobe", version: "desktop runtime 18.0.0.232 (windows/macintosh)", }, { model: "flash player", scope: "lt", trust: 0.8, vendor: "adobe", version: "continuous support release 18.0.0.232 (windows/macintosh)", }, { model: "edge", scope: "eq", trust: 0.8, vendor: "microsoft", version: "(windows 10)", }, { model: "internet explorer", scope: "eq", trust: 0.8, vendor: "microsoft", version: "10 (windows 8/windows server 2012/windows rt)", }, { model: "internet explorer", scope: "eq", trust: 0.8, vendor: "microsoft", version: "11 (windows 8.1/windows server 2012 r2/windows rt 8.1/windows 10)", }, { model: "air", scope: "eq", trust: 0.6, vendor: "adobe", version: "18.0.0.180", }, { model: "air sdk \\& compiler", scope: "eq", trust: 0.6, vendor: "adobe", version: "18.0.0.180", }, { model: "flash player", scope: "eq", trust: 0.6, vendor: "adobe", version: "18.0.0.209", }, { model: "air sdk", scope: "eq", trust: 0.6, vendor: "adobe", version: "18.0.0.180", }, { model: "flash player", scope: "eq", trust: 0.6, vendor: "adobe", version: "11.2.202.491", }, ], sources: [ { db: "JVNDB", id: "JVNDB-2015-004402", }, { db: "CNNVD", id: "CNNVD-201508-507", }, { db: "NVD", id: "CVE-2015-5566", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { cpe_match: [ { cpe22Uri: "cpe:/a:google:chrome", vulnerable: true, }, { cpe22Uri: "cpe:/a:adobe:adobe_air", vulnerable: true, }, { cpe22Uri: "cpe:/a:adobe:adobe_air_sdk", vulnerable: true, }, { cpe22Uri: "cpe:/a:adobe:adobe_air_sdk_and_compiler", vulnerable: true, }, { cpe22Uri: "cpe:/a:adobe:flash_player", vulnerable: true, }, { cpe22Uri: "cpe:/a:microsoft:edge", vulnerable: true, }, { cpe22Uri: "cpe:/a:microsoft:internet_explorer", vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "JVNDB", id: "JVNDB-2015-004402", }, ], }, cve: "CVE-2015-5566", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "nvd@nist.gov", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "CVE-2015-5566", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 1.9, vectorString: "AV:N/AC:L/Au:N/C:C/I:C/A:C", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "COMPLETE", baseScore: 10, confidentialityImpact: "COMPLETE", exploitabilityScore: 10, id: "VHN-83527", impactScore: 10, integrityImpact: "COMPLETE", severity: "HIGH", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:C/I:C/A:C", version: "2.0", }, ], cvssV3: [], severity: [ { author: "nvd@nist.gov", id: "CVE-2015-5566", trust: 1, value: "HIGH", }, { author: "NVD", id: "CVE-2015-5566", trust: 0.8, value: "High", }, { author: "CNNVD", id: "CNNVD-201508-507", trust: 0.6, value: "CRITICAL", }, { author: "VULHUB", id: "VHN-83527", trust: 0.1, value: "HIGH", }, { author: "VULMON", id: "CVE-2015-5566", trust: 0.1, value: "HIGH", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-83527", }, { db: "VULMON", id: "CVE-2015-5566", }, { db: "JVNDB", id: "JVNDB-2015-004402", }, { db: "CNNVD", id: "CNNVD-201508-507", }, { db: "NVD", id: "CVE-2015-5566", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565. This vulnerability CVE-2015-5127 , CVE-2015-5130 , CVE-2015-5134 , CVE-2015-5539 , CVE-2015-5540 , CVE-2015-5550 , CVE-2015-5551 , CVE-2015-5556 , CVE-2015-5557 , CVE-2015-5559 , CVE-2015-5561 , CVE-2015-5563 , CVE-2015-5564 ,and CVE-2015-5565 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. A use-after-free vulnerability exists in several Adobe products. The following products and versions are affected: Adobe Flash Player Desktop Runtime 18.0.0.209 and earlier versions and Adobe Flash Player Extended Support Release 13.0.0.309 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player for Windows, Macintosh and Linux platforms Google Chrome 18.0.0.209 and earlier, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 on Windows 10 18.0.0.209 and earlier, Adobe Flash Player for Internet Explorer 10 and 11 18.0.0.209 on Windows 8.0 and 8.1 and previous versions, Adobe Flash Player for Linux 11.2.202.491 and previous versions based on Linux platforms, AIR Desktop Runtime 18.0.0.180 and previous versions based on Windows and Macintosh platforms, and AIR SDK 18.0 based on Windows, Macintosh, Android and iOS platforms. 0.180 and earlier and AIR SDK & Compiler 18.0.0.180 and earlier", sources: [ { db: "NVD", id: "CVE-2015-5566", }, { db: "JVNDB", id: "JVNDB-2015-004402", }, { db: "VULHUB", id: "VHN-83527", }, { db: "VULMON", id: "CVE-2015-5566", }, ], trust: 1.8, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2015-5566", trust: 2.6, }, { db: "SECTRACK", id: "1033235", trust: 1.2, }, { db: "JVNDB", id: "JVNDB-2015-004402", trust: 0.8, }, { db: "CNNVD", id: "CNNVD-201508-507", trust: 0.7, }, { db: "VULHUB", id: "VHN-83527", trust: 0.1, }, { db: "VULMON", id: "CVE-2015-5566", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-83527", }, { db: "VULMON", id: "CVE-2015-5566", }, { db: "JVNDB", id: "JVNDB-2015-004402", }, { db: "CNNVD", id: "CNNVD-201508-507", }, { db: "NVD", id: "CVE-2015-5566", }, ], }, id: "VAR-201508-0071", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-83527", }, ], trust: 0.01, }, last_update_date: "2024-11-23T20:52:47.978000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "APSB15-19", trust: 0.8, url: "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", }, { title: "APSB15-19", trust: 0.8, url: "https://helpx.adobe.com/jp/security/products/flash-player/apsb15-19.html", }, { title: "Google Chrome を更新する", trust: 0.8, url: "https://support.google.com/chrome/answer/95414?hl=ja", }, { title: "Google Chrome", trust: 0.8, url: "https://www.google.com/intl/ja/chrome/browser/features.html", }, { title: "Chrome Releases", trust: 0.8, url: "http://googlechromereleases.blogspot.jp/", }, { title: "Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge (2755801)", trust: 0.8, url: "https://technet.microsoft.com/en-us/library/security/2755801", }, { title: "Internet Explorer および Microsoft Edge 上の Adobe Flash Player の脆弱性に対応する更新プログラム (2755801)", trust: 0.8, url: "https://technet.microsoft.com/ja-jp/library/security/2755801", }, { title: "アドビ システムズ社 Adobe Flash Player の脆弱性に関するお知らせ", trust: 0.8, url: "http://www.fmworld.net/biz/common/adobe/20150813f.html", }, { title: "Red Hat: CVE-2015-5566", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-5566", }, { title: "CVE-Study", trust: 0.1, url: "https://github.com/thdusdl1219/CVE-Study ", }, ], sources: [ { db: "VULMON", id: "CVE-2015-5566", }, { db: "JVNDB", id: "JVNDB-2015-004402", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-Other", trust: 1, }, { problemtype: "CWE-Other", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2015-004402", }, { db: "NVD", id: "CVE-2015-5566", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.8, url: "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html", }, { trust: 1.2, url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05356388", }, { trust: 1.2, url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05385680", }, { trust: 1.2, url: "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722", }, { trust: 1.2, url: "http://rhn.redhat.com/errata/rhsa-2015-1603.html", }, { trust: 1.2, url: "http://www.securitytracker.com/id/1033235", }, { trust: 0.8, url: "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5566", }, { trust: 0.8, url: "https://www.ipa.go.jp/security/ciadr/vul/20150812-adobeflashplayer.html", }, { trust: 0.8, url: "http://www.jpcert.or.jp/at/2015/at150029.html", }, { trust: 0.8, url: "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5566", }, { trust: 0.8, url: "http://www.npa.go.jp/cyberpolice/topics/?seq=16704", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://access.redhat.com/security/cve/cve-2015-5566", }, ], sources: [ { db: "VULHUB", id: "VHN-83527", }, { db: "VULMON", id: "CVE-2015-5566", }, { db: "JVNDB", id: "JVNDB-2015-004402", }, { db: "CNNVD", id: "CNNVD-201508-507", }, { db: "NVD", id: "CVE-2015-5566", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-83527", }, { db: "VULMON", id: "CVE-2015-5566", }, { db: "JVNDB", id: "JVNDB-2015-004402", }, { db: "CNNVD", id: "CNNVD-201508-507", }, { db: "NVD", id: "CVE-2015-5566", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2015-08-24T00:00:00", db: "VULHUB", id: "VHN-83527", }, { date: "2015-08-24T00:00:00", db: "VULMON", id: "CVE-2015-5566", }, { date: "2015-08-26T00:00:00", db: "JVNDB", id: "JVNDB-2015-004402", }, { date: "2015-08-25T00:00:00", db: "CNNVD", id: "CNNVD-201508-507", }, { date: "2015-08-24T10:59:00.127000", db: "NVD", id: "CVE-2015-5566", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2018-01-05T00:00:00", db: "VULHUB", id: "VHN-83527", }, { date: "2018-01-05T00:00:00", db: "VULMON", id: "CVE-2015-5566", }, { date: "2015-08-26T00:00:00", db: "JVNDB", id: "JVNDB-2015-004402", }, { date: "2015-08-25T00:00:00", db: "CNNVD", id: "CNNVD-201508-507", }, { date: "2024-11-21T02:33:17.693000", db: "NVD", id: "CVE-2015-5566", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-201508-507", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution", sources: [ { db: "JVNDB", id: "JVNDB-2015-004402", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-201508-507", }, ], trust: 0.6, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.