FKIE_CVE-2015-8409

Vulnerability from fkie_nvd - Published: 2015-12-10 05:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-8440 and CVE-2015-8453.
References
psirt@adobe.comhttp://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html
psirt@adobe.comhttp://lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.html
psirt@adobe.comhttp://lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.html
psirt@adobe.comhttp://www.securityfocus.com/bid/78713
psirt@adobe.comhttp://www.securitytracker.com/id/1034318
psirt@adobe.comhttps://helpx.adobe.com/security/products/flash-player/apsb15-32.htmlPatch, Vendor Advisory
psirt@adobe.comhttps://security.gentoo.org/glsa/201601-03
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/78713
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1034318
af854a3a-2127-422b-91ae-364da2661108https://helpx.adobe.com/security/products/flash-player/apsb15-32.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201601-03
Impacted products
Vendor Product Version
adobe air_sdk *
adobe air_sdk_\&_compiler *
apple iphone_os *
apple mac_os_x *
google android *
microsoft windows *
adobe flash_player *
adobe flash_player 19.0.0.185
adobe flash_player 19.0.0.207
adobe flash_player 19.0.0.226
adobe flash_player 19.0.0.245
apple mac_os_x *
microsoft windows *
adobe air *
apple mac_os_x *
microsoft windows *
adobe flash_player *
linux linux_kernel *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89A1DBA3-8B4E-4832-8D39-6490CD99FE6B",
              "versionEndIncluding": "19.0.0.241",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:air_sdk_\\\u0026_compiler:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C30B2BE-C291-495C-B7A8-A27492BE7177",
              "versionEndIncluding": "19.0.0.241",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "340C4071-1447-477F-942A-8E09EA29F917",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8255F035-04C8-4158-B301-82101711939C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F715997-66B9-4099-8DD4-C0CAC7E27492",
              "versionEndIncluding": "18.0.0.261",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:19.0.0.185:*:*:*:*:*:*:*",
              "matchCriteriaId": "130D56D9-BFAD-44AB-BA04-1E6E2F18A049",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:19.0.0.207:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0CE2650-25EB-446E-B2C9-631177740E87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:19.0.0.226:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBAE999D-B558-4714-854D-42D45A7A48BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:19.0.0.245:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E47897F-1045-4CED-B208-4BED652FAE6F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "044936DC-41A9-407F-BE64-B0D6FD7F501E",
              "versionEndIncluding": "19.0.0.241",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A02328C4-D810-4774-8F28-2B5FB6C7CDB5",
              "versionEndIncluding": "11.2.202.548",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK \u0026 Compiler before 20.0.0.204 allow attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-8440 and CVE-2015-8453."
    },
    {
      "lang": "es",
      "value": "Adobe Flash Player en versiones anteriores a 18.0.0.268 y 19.x y 20.x en versiones anteriores a 20.0.0.228 en Windows y OS X y en versiones anteriores a 11.2.202.554 en Linux, Adobe AIR en versiones anteriores a 20.0.0.204, Adobe AIR SDK en versiones anteriores a 20.0.0.204 y Adobe AIR SDK \u0026 Compiler en versiones anteriores a 20.0.0.204 permiten a atacantes eludir las restricciones de acceso previstas a trav\u00e9s de vectores no especificados, una vulnerabilidad diferente a CVE-2015-8440 y CVE-2015-8453."
    }
  ],
  "id": "CVE-2015-8409",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-12-10T05:59:31.777",
  "references": [
    {
      "source": "psirt@adobe.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securityfocus.com/bid/78713"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securitytracker.com/id/1034318"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://security.gentoo.org/glsa/201601-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/78713"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1034318"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201601-03"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.