FKIE_CVE-2015-5573

Vulnerability from fkie_nvd - Published: 2015-09-22 10:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion."
References
psirt@adobe.comhttp://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html
psirt@adobe.comhttp://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html
psirt@adobe.comhttp://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html
psirt@adobe.comhttp://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html
psirt@adobe.comhttp://rhn.redhat.com/errata/RHSA-2015-1814.html
psirt@adobe.comhttp://www.securityfocus.com/bid/76794
psirt@adobe.comhttp://www.securitytracker.com/id/1033629
psirt@adobe.comhttps://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841
psirt@adobe.comhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
psirt@adobe.comhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
psirt@adobe.comhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
psirt@adobe.comhttps://helpx.adobe.com/security/products/flash-player/apsb15-23.htmlPatch, Vendor Advisory
psirt@adobe.comhttps://security.gentoo.org/glsa/201509-07
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-1814.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/76794
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1033629
af854a3a-2127-422b-91ae-364da2661108https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841
af854a3a-2127-422b-91ae-364da2661108https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
af854a3a-2127-422b-91ae-364da2661108https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
af854a3a-2127-422b-91ae-364da2661108https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
af854a3a-2127-422b-91ae-364da2661108https://helpx.adobe.com/security/products/flash-player/apsb15-23.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201509-07
Impacted products
Vendor Product Version
adobe flash_player *
adobe flash_player 14.0.0.125
adobe flash_player 14.0.0.145
adobe flash_player 14.0.0.176
adobe flash_player 14.0.0.179
adobe flash_player 15.0.0.152
adobe flash_player 15.0.0.167
adobe flash_player 15.0.0.189
adobe flash_player 15.0.0.223
adobe flash_player 15.0.0.239
adobe flash_player 15.0.0.246
adobe flash_player 16.0.0.235
adobe flash_player 16.0.0.257
adobe flash_player 16.0.0.287
adobe flash_player 16.0.0.296
adobe flash_player 17.0.0.134
adobe flash_player 17.0.0.169
adobe flash_player 17.0.0.188
adobe flash_player 17.0.0.190
adobe flash_player 17.0.0.191
adobe flash_player 18.0.0.160
adobe flash_player 18.0.0.194
adobe flash_player 18.0.0.203
adobe flash_player 18.0.0.209
adobe flash_player 18.0.0.232
apple mac_os_x -
microsoft windows -
adobe flash_player *
linux linux_kernel -
adobe air *
adobe air_sdk *
adobe air_sdk_\&_compiler *
apple mac_os_x -
microsoft windows -
adobe air *
google android *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E515D4-87A7-4CB5-8C91-0A95BE8F283B",
              "versionEndIncluding": "13.0.0.289",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5D7202D-56DF-400B-9F09-E7D9938222D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D4F0D21-A64B-46C1-9591-96529661DF0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*",
              "matchCriteriaId": "86961019-3B81-458E-949F-A2F006EA55FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*",
              "matchCriteriaId": "25895BE9-71FD-4DE7-90FC-0199470A8738",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D55A950-7D48-413C-AD43-6AC64FBE790C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1A22B74-453D-4A8A-B79A-2B3143A0D995",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FE4B077-67D1-4B25-976E-715FB6B2A1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFC91B68-6B35-47BD-BC02-3F836E772CF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3BE6004-C30A-46E2-9F25-785E12BBF640",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFE8E51F-7A32-41A4-B03A-73E52EB64C04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E13E927-A77C-4681-AFDE-A5A14093234D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*",
              "matchCriteriaId": "27629FF0-5EB9-476F-B5B3-115F663AB65E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0AB583F-3EBD-47B6-975E-7754CC32CCA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58DE1A9-0510-4B65-AB18-75F9263A7818",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BC4FAD0-4A54-4EDF-BE39-28138B34E719",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE1FBC20-3DE6-4426-9E97-42AFCEF8CEE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:17.0.0.188:*:*:*:*:*:*:*",
              "matchCriteriaId": "40EF2221-DE87-4D8F-B92D-8FD21EEBEABA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:17.0.0.190:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DF6FE30-4B7A-49EB-8571-C2C6E6F8F10C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:17.0.0.191:*:*:*:*:*:*:*",
              "matchCriteriaId": "907BA8C1-3C18-420B-A607-1798C72C28A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:18.0.0.160:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B8349AC-871D-4320-B361-D5877CD4DDC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:18.0.0.194:*:*:*:*:*:*:*",
              "matchCriteriaId": "950A7A0E-8241-430A-BA17-49C650079DCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:18.0.0.203:*:*:*:*:*:*:*",
              "matchCriteriaId": "B73C55A2-A88A-4245-820F-0DEAC707A40D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:18.0.0.209:*:*:*:*:*:*:*",
              "matchCriteriaId": "E60B5CBA-1ADB-4577-AF7C-687F08E0DC58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:18.0.0.232:*:*:*:*:*:*:*",
              "matchCriteriaId": "7400BCB7-3C83-4995-BEC2-9D32367D9EC0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "40C5B719-043A-45CB-A00E-34FE19F32AE6",
              "versionEndIncluding": "11.2.202.508",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E6ADB5A-7C12-4CED-89DA-DACFD2D842A8",
              "versionEndIncluding": "18.0.0.199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DAE3C44-B900-4F9D-84E1-17FA67587210",
              "versionEndIncluding": "18.0.0.199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:air_sdk_\\\u0026_compiler:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5E0EBC1-529C-40F7-864F-E08F6D5FFBAD",
              "versionEndIncluding": "18.0.0.180",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "990E3AB4-FAD2-476D-AFFE-9D0E070BA588",
              "versionEndIncluding": "18.0.0.143",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8255F035-04C8-4158-B301-82101711939C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK \u0026 Compiler before 19.0.0.190 allow attackers to execute arbitrary code by leveraging an unspecified \"type confusion.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en Adobe Flash Player en versiones anteriores a 18.0.0.241 y 19.x en versiones anteriores a 19.0.0.185 en Windows y OS X y en versiones anteriores a 11.2.202.521 en Linux, Adobe AIR en versiones anteriores a 19.0.0.190, Adobe AIR SDK en versiones anteriores a 19.0.0.190 y Adobe AIR SDK \u0026 Compiler en versiones anteriores a 19.0.0.190, permite a atacantes ejecutar c\u00f3digo arbitrario aprovechando un \u0027type confusion\u0027 no especificado."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/843.html\"\u003eCWE-843: Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)\u003c/a\u003e",
  "id": "CVE-2015-5573",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-09-22T10:59:06.077",
  "references": [
    {
      "source": "psirt@adobe.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1814.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securityfocus.com/bid/76794"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securitytracker.com/id/1033629"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://security.gentoo.org/glsa/201509-07"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1814.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/76794"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033629"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201509-07"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.