cnvd - cnvd-2015-06335

CNVD-2015-06335

Vulnerability from cnvd - Published: 2015-10-09

Title

Adobe Flash Player缓冲区溢出漏洞（CNVD-2015-06335）

Description

Flash Player是一款高性能的、轻量型且极具表现力的客户端运行时播放器。 Adobe Flash Player/AIR在实现上存在缓冲区溢出漏洞。远程攻击者利用此漏洞可执行任意代码。

Severity

高

Patch Name

Adobe Flash Player缓冲区溢出漏洞（CNVD-2015-06335）的补丁

Patch Description

Flash Player是一款高性能的、轻量型且极具表现力的客户端运行时播放器。 Adobe Flash Player/AIR在实现上存在缓冲区溢出漏洞。远程攻击者利用此漏洞可执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://helpx.adobe.com/security/products/flash-player/apsb15-23.html

Reference

https://helpx.adobe.com/security/products/flash-player/apsb15-23.html

Impacted products

Name
['Adobe Flash Player < 18.0.0.241', 'Adobe Flash Player(on Windows/OS X) 19.x(<19.0.0.185)', 'Adobe Flash Player(on Linux) < 11.2.202.521', 'Adobe AIR < 19.0.0.190', 'Adobe AIR SDK < 19.0.0.190']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-6678"
    }
  },
  "description": "Flash Player\u662f\u4e00\u6b3e\u9ad8\u6027\u80fd\u7684\u3001\u8f7b\u91cf\u578b\u4e14\u6781\u5177\u8868\u73b0\u529b\u7684\u5ba2\u6237\u7aef\u8fd0\u884c\u65f6\u64ad\u653e\u5668\u3002\r\n\r\nAdobe Flash Player/AIR\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Keen Team",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://helpx.adobe.com/security/products/flash-player/apsb15-23.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-06335",
  "openTime": "2015-10-09",
  "patchDescription": "Flash Player\u662f\u4e00\u6b3e\u9ad8\u6027\u80fd\u7684\u3001\u8f7b\u91cf\u578b\u4e14\u6781\u5177\u8868\u73b0\u529b\u7684\u5ba2\u6237\u7aef\u8fd0\u884c\u65f6\u64ad\u653e\u5668\u3002 \r\n\r\nAdobe Flash Player/AIR\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Adobe Flash Player\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2015-06335\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Adobe Flash Player \u003c 18.0.0.241",
      "Adobe Flash Player(on Windows/OS X) 19.x(\u003c19.0.0.185)",
      "Adobe Flash Player(on Linux) \u003c 11.2.202.521",
      "Adobe AIR \u003c 19.0.0.190",
      "Adobe AIR SDK \u003c 19.0.0.190"
    ]
  },
  "referenceLink": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html",
  "serverity": "\u9ad8",
  "submitTime": "2015-09-28",
  "title": "Adobe Flash Player\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2015-06335\uff09"
}

CVE-2015-6678 (GCVE-0-2015-6678)

Vulnerability from cvelistv5 – Published: 2015-09-22 10:00 – Updated: 2024-08-06 07:29

Summary

Buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-6676.

Severity ?

No CVSS data available.

CWE

Assigner

adobe

References

URL

Tags

	http://rhn.redhat.com/errata/RHSA-2015-1814.html	vendor-advisoryx_refsource_REDHAT
	http://www.zerodayinitiative.com/advisories/ZDI-15-446	x_refsource_MISC
	https://h20566.www2.hpe.com/portal/site/hpsc/publ…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://www.securitytracker.com/id/1033629	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/76801	vdb-entryx_refsource_BID
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://h20564.www2.hpe.com/portal/site/hpsc/publ…	x_refsource_CONFIRM
	https://h20566.www2.hpe.com/portal/site/hpsc/publ…	x_refsource_CONFIRM
	https://helpx.adobe.com/security/products/flash-p…	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://security.gentoo.org/glsa/201509-07	vendor-advisoryx_refsource_GENTOO
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://h20566.www2.hpe.com/portal/site/hpsc/publ…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:29:24.231Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2015:1814",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1814.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-446"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
          },
          {
            "name": "openSUSE-SU-2015:1616",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html"
          },
          {
            "name": "1033629",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1033629"
          },
          {
            "name": "76801",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/76801"
          },
          {
            "name": "SUSE-SU-2015:1618",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html"
          },
          {
            "name": "SUSE-SU-2015:1614",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html"
          },
          {
            "name": "GLSA-201509-07",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201509-07"
          },
          {
            "name": "openSUSE-SU-2015:1781",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-09-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK \u0026 Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-6676."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-02-16T10:57:01",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "name": "RHSA-2015:1814",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1814.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-446"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
        },
        {
          "name": "openSUSE-SU-2015:1616",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html"
        },
        {
          "name": "1033629",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1033629"
        },
        {
          "name": "76801",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/76801"
        },
        {
          "name": "SUSE-SU-2015:1618",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html"
        },
        {
          "name": "SUSE-SU-2015:1614",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html"
        },
        {
          "name": "GLSA-201509-07",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201509-07"
        },
        {
          "name": "openSUSE-SU-2015:1781",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@adobe.com",
          "ID": "CVE-2015-6678",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK \u0026 Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-6676."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2015:1814",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1814.html"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-15-446",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-15-446"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
            },
            {
              "name": "openSUSE-SU-2015:1616",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html"
            },
            {
              "name": "1033629",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1033629"
            },
            {
              "name": "76801",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/76801"
            },
            {
              "name": "SUSE-SU-2015:1618",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html"
            },
            {
              "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841",
              "refsource": "CONFIRM",
              "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
            },
            {
              "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html",
              "refsource": "CONFIRM",
              "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html"
            },
            {
              "name": "SUSE-SU-2015:1614",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html"
            },
            {
              "name": "GLSA-201509-07",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201509-07"
            },
            {
              "name": "openSUSE-SU-2015:1781",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388",
              "refsource": "CONFIRM",
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2015-6678",
    "datePublished": "2015-09-22T10:00:00",
    "dateReserved": "2015-08-26T00:00:00",
    "dateUpdated": "2024-08-06T07:29:24.231Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2015-06335

CVE-2015-6678 (GCVE-0-2015-6678)

Tags

Sightings

Nomenclature