var-201603-0072
Vulnerability from variot
Adobe Flash Player and Adobe AIR Use freed memory (Use-after-free) May allow arbitrary code execution vulnerabilities. This vulnerability CVE-2015-8048 , CVE-2015-8049 , CVE-2015-8050 , CVE-2015-8055 , CVE-2015-8056 , CVE-2015-8057 , CVE-2015-8058 , CVE-2015-8059 , CVE-2015-8061 , CVE-2015-8062 , CVE-2015-8063 , CVE-2015-8064 , CVE-2015-8065 , CVE-2015-8066 , CVE-2015-8067 , CVE-2015-8068 , CVE-2015-8069 , CVE-2015-8070 , CVE-2015-8071 , CVE-2015-8401 , CVE-2015-8402 , CVE-2015-8403 , CVE-2015-8404 , CVE-2015-8405 , CVE-2015-8406 , CVE-2015-8410 , CVE-2015-8411 , CVE-2015-8412 , CVE-2015-8413 , CVE-2015-8414 , CVE-2015-8420 , CVE-2015-8421 , CVE-2015-8422 , CVE-2015-8423 , CVE-2015-8424 , CVE-2015-8425 , CVE-2015-8426 , CVE-2015-8427 , CVE-2015-8428 , CVE-2015-8429 , CVE-2015-8430 , CVE-2015-8431 , CVE-2015-8432 , CVE-2015-8433 , CVE-2015-8434 , CVE-2015-8435 , CVE-2015-8436 , CVE-2015-8437 , CVE-2015-8441 , CVE-2015-8442 , CVE-2015-8447 , CVE-2015-8448 , CVE-2015-8449 , CVE-2015-8450 , CVE-2015-8452 , CVE-2015-8454 , CVE-2015-8655 , CVE-2015-8821 ,and CVE-2015-8822 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlCrafted by attackers MPEG-4 An arbitrary code may be executed via the data. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within MPEG-4 parsing. A specially crafted MP4 file can force a dangling pointer to be reused after it has been freed. Adobe Flash Player, Adobe AIR SDK and Adobe AIR SDK & Compiler are all products of American Adobe (Adobe). A use-after-free vulnerability exists in several Adobe products. The following products and versions are affected: Adobe Flash Player Desktop Runtime 19.0.0.245 and earlier versions based on Windows and Macintosh platforms and Adobe Flash Player Extended Support Release 18.0.0.261 and earlier versions, Adobe Flash based on Windows, Macintosh, Linux and ChromeOS platforms Player for Google Chrome 19.0.0.245 and earlier, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 on Windows 10 19.0.0.245 and earlier, Adobe Flash Player for Internet Explorer 10 and 11 19.0 on Windows 8.0 and 8.1 .0.245 and earlier versions, Adobe Flash Player for Linux 11.2.202.548 and earlier versions based on Linux platforms, AIR Desktop Runtime 19.0.0.241 and earlier versions based on Windows and Macintosh platforms, AIR SDK based on Windows, Macintosh, Android and iOS platforms 19.0.0.241 and earlier versions and AIR SDK & Compiler 19.0.0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0072",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "11.2.202.548"
},
{
"model": "air sdk",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "19.0.0.241"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "19.0.0.245"
},
{
"model": "flash player",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "18.0.0.261"
},
{
"model": "air desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "19.0.0.241"
},
{
"model": "air",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "19.0.0.241"
},
{
"model": "flash player desktop runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "19.0.0.245"
},
{
"model": "air sdk \\\u0026 compiler",
"scope": "lte",
"trust": 1.0,
"vendor": "adobe",
"version": "19.0.0.241"
},
{
"model": "chrome",
"scope": "lt",
"trust": 0.8,
"vendor": "google",
"version": "47.0.2526.80 (windows/macintosh/linux/chrome os)"
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.204 (android)"
},
{
"model": "air",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime 20.0.0.204 (windows/macintosh)"
},
{
"model": "air sdk",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.204 (windows/macintosh/android/ios)"
},
{
"model": "air sdk \u0026 compiler",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.204 (windows/macintosh/android/ios)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "11.2.202.554 (linux)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.228 (windows 10 edition microsoft edge/internet explorer 11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.228 (windows 8.0 and 8.1 edition internet explorer 10/11)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "20.0.0.228 (windows/macintosh/linux/chromeos edition chrome)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime (firefox and safari support for ) 20.0.0.235 (windows/macintosh)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "desktop runtime (internet explorer support for ) 20.0.0.228 (windows/macintosh)"
},
{
"model": "flash player",
"scope": "lt",
"trust": 0.8,
"vendor": "adobe",
"version": "continuous support release 18.0.0.268 (windows/macintosh)"
},
{
"model": "edge",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "(windows 10)"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "10 (windows 8/windows server 2012/windows rt)"
},
{
"model": "internet explorer",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "11 (windows 8.1/windows server 2012 r2/windows rt 8.1/windows 10)"
},
{
"model": "flash",
"scope": null,
"trust": 0.7,
"vendor": "adobe",
"version": null
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.286"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.245"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.207"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.185"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.228"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "18.0.0.261"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.226"
},
{
"model": "air sdk",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.241"
},
{
"model": "flash player",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "20.0.0.235"
},
{
"model": "air sdk \\\\\\\u0026 compiler",
"scope": "eq",
"trust": 0.6,
"vendor": "adobe",
"version": "19.0.0.241"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-657"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006962"
},
{
"db": "NVD",
"id": "CVE-2015-8653"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-035"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "11.2.202.548",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.0.0.245",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:esr:*:*:*",
"cpe_name": [],
"versionEndIncluding": "18.0.0.261",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*",
"cpe_name": [],
"versionEndIncluding": "19.0.0.245",
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*",
"cpe_name": [],
"versionEndIncluding": "19.0.0.245",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:google:chrome_os:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*",
"cpe_name": [],
"versionEndIncluding": "19.0.0.245",
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:air_desktop_runtime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.0.0.241",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.0.0.241",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:air_sdk_\\\u0026_compiler:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.0.0.241",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "19.0.0.241",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-8653"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AbdulAziz Hariri - HPE Zero Day Initiative",
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-657"
}
],
"trust": 0.7
},
"cve": "CVE-2015-8653",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-8653",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2015-8653",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-86614",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-8653",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2015-8653",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-035",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-86614",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-8653",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-657"
},
{
"db": "VULHUB",
"id": "VHN-86614"
},
{
"db": "VULMON",
"id": "CVE-2015-8653"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006962"
},
{
"db": "NVD",
"id": "CVE-2015-8653"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-035"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player and Adobe AIR Use freed memory (Use-after-free) May allow arbitrary code execution vulnerabilities. This vulnerability CVE-2015-8048 , CVE-2015-8049 , CVE-2015-8050 , CVE-2015-8055 , CVE-2015-8056 , CVE-2015-8057 , CVE-2015-8058 , CVE-2015-8059 , CVE-2015-8061 , CVE-2015-8062 , CVE-2015-8063 , CVE-2015-8064 , CVE-2015-8065 , CVE-2015-8066 , CVE-2015-8067 , CVE-2015-8068 , CVE-2015-8069 , CVE-2015-8070 , CVE-2015-8071 , CVE-2015-8401 , CVE-2015-8402 , CVE-2015-8403 , CVE-2015-8404 , CVE-2015-8405 , CVE-2015-8406 , CVE-2015-8410 , CVE-2015-8411 , CVE-2015-8412 , CVE-2015-8413 , CVE-2015-8414 , CVE-2015-8420 , CVE-2015-8421 , CVE-2015-8422 , CVE-2015-8423 , CVE-2015-8424 , CVE-2015-8425 , CVE-2015-8426 , CVE-2015-8427 , CVE-2015-8428 , CVE-2015-8429 , CVE-2015-8430 , CVE-2015-8431 , CVE-2015-8432 , CVE-2015-8433 , CVE-2015-8434 , CVE-2015-8435 , CVE-2015-8436 , CVE-2015-8437 , CVE-2015-8441 , CVE-2015-8442 , CVE-2015-8447 , CVE-2015-8448 , CVE-2015-8449 , CVE-2015-8450 , CVE-2015-8452 , CVE-2015-8454 , CVE-2015-8655 , CVE-2015-8821 ,and CVE-2015-8822 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlCrafted by attackers MPEG-4 An arbitrary code may be executed via the data. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within MPEG-4 parsing. A specially crafted MP4 file can force a dangling pointer to be reused after it has been freed. Adobe Flash Player, Adobe AIR SDK and Adobe AIR SDK \u0026 Compiler are all products of American Adobe (Adobe). A use-after-free vulnerability exists in several Adobe products. The following products and versions are affected: Adobe Flash Player Desktop Runtime 19.0.0.245 and earlier versions based on Windows and Macintosh platforms and Adobe Flash Player Extended Support Release 18.0.0.261 and earlier versions, Adobe Flash based on Windows, Macintosh, Linux and ChromeOS platforms Player for Google Chrome 19.0.0.245 and earlier, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 on Windows 10 19.0.0.245 and earlier, Adobe Flash Player for Internet Explorer 10 and 11 19.0 on Windows 8.0 and 8.1 .0.245 and earlier versions, Adobe Flash Player for Linux 11.2.202.548 and earlier versions based on Linux platforms, AIR Desktop Runtime 19.0.0.241 and earlier versions based on Windows and Macintosh platforms, AIR SDK based on Windows, Macintosh, Android and iOS platforms 19.0.0.241 and earlier versions and AIR SDK \u0026 Compiler 19.0.0",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006962"
},
{
"db": "ZDI",
"id": "ZDI-15-657"
},
{
"db": "VULHUB",
"id": "VHN-86614"
}
],
"trust": 1.44
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-8653",
"trust": 3.3
},
{
"db": "ZDI",
"id": "ZDI-15-657",
"trust": 2.5
},
{
"db": "BID",
"id": "84162",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006962",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-3412",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201603-035",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-86614",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-8653",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-657"
},
{
"db": "VULHUB",
"id": "VHN-86614"
},
{
"db": "VULMON",
"id": "CVE-2015-8653"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006962"
},
{
"db": "NVD",
"id": "CVE-2015-8653"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-035"
}
]
},
"id": "VAR-201603-0072",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-86614"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:06:07.208000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "APSB15-32",
"trust": 1.5,
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html"
},
{
"title": "APSB15-32",
"trust": 0.8,
"url": "https://helpx.adobe.com/jp/security/products/flash-player/apsb15-32.html"
},
{
"title": "Google Chrome",
"trust": 0.8,
"url": "https://www.google.com/intl/ja/chrome/browser/features.html"
},
{
"title": "Stable Channel Update",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/2015/12/stable-channel-update_8.html"
},
{
"title": "Stable Channel Update for Chrome OS",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/2015/12/stable-channel-update-for-chrome-os_9.html"
},
{
"title": "Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge (2755801)",
"trust": 0.8,
"url": "https://technet.microsoft.com/en-us/library/security/2755801"
},
{
"title": "Internet Explorer \u304a\u3088\u3073 Microsoft Edge \u4e0a\u306e Adobe Flash Player \u306e\u8106\u5f31\u6027\u306b\u5bfe\u5fdc\u3059\u308b\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0 (2755801)",
"trust": 0.8,
"url": "https://technet.microsoft.com/ja-jp/library/security/2755801"
},
{
"title": "\u30a2\u30c9\u30d3 \u30b7\u30b9\u30c6\u30e0\u30ba\u793e Adobe Flash Player \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b",
"trust": 0.8,
"url": "http://www.fmworld.net/biz/common/adobe/20151210f.html"
},
{
"title": "Multiple Adobe Remediation measures for reusing vulnerabilities after product release",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=60396"
},
{
"title": "Red Hat: Critical: flash-plugin security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20152593 - security advisory"
},
{
"title": "CVE-Study",
"trust": 0.1,
"url": "https://github.com/thdusdl1219/cve-study "
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-657"
},
{
"db": "VULMON",
"id": "CVE-2015-8653"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006962"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-035"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-416",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-86614"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006962"
},
{
"db": "NVD",
"id": "CVE-2015-8653"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-32.html"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/84162"
},
{
"trust": 1.8,
"url": "http://www.zerodayinitiative.com/advisories/zdi-15-657"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8653"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20151209-adobeflashplayer.html"
},
{
"trust": 0.8,
"url": "https://www.jpcert.or.jp/at/2015/at150042.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8653"
},
{
"trust": 0.8,
"url": "https://www.npa.go.jp/cyberpolice/topics/?seq=17283"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/416.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2015:2593"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=42571"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-15-657"
},
{
"db": "VULHUB",
"id": "VHN-86614"
},
{
"db": "VULMON",
"id": "CVE-2015-8653"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006962"
},
{
"db": "NVD",
"id": "CVE-2015-8653"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-035"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-15-657"
},
{
"db": "VULHUB",
"id": "VHN-86614"
},
{
"db": "VULMON",
"id": "CVE-2015-8653"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006962"
},
{
"db": "NVD",
"id": "CVE-2015-8653"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-035"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-02T00:00:00",
"db": "ZDI",
"id": "ZDI-15-657"
},
{
"date": "2016-03-04T00:00:00",
"db": "VULHUB",
"id": "VHN-86614"
},
{
"date": "2016-03-04T00:00:00",
"db": "VULMON",
"id": "CVE-2015-8653"
},
{
"date": "2016-03-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006962"
},
{
"date": "2016-03-04T23:59:01.797000",
"db": "NVD",
"id": "CVE-2015-8653"
},
{
"date": "2016-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-035"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-02T00:00:00",
"db": "ZDI",
"id": "ZDI-15-657"
},
{
"date": "2023-01-30T00:00:00",
"db": "VULHUB",
"id": "VHN-86614"
},
{
"date": "2023-05-08T00:00:00",
"db": "VULMON",
"id": "CVE-2015-8653"
},
{
"date": "2016-03-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006962"
},
{
"date": "2023-05-08T13:29:02.290000",
"db": "NVD",
"id": "CVE-2015-8653"
},
{
"date": "2023-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-035"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-035"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006962"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-035"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.