| Severity | Critical |
| Patch available | YES |
| Number of vulnerabilities | 17 |
| CVE ID | CVE-2015-0328 CVE-2015-0326 CVE-2015-0325 CVE-2015-0324 CVE-2015-0327 CVE-2015-0323 CVE-2015-0317 CVE-2015-0330 CVE-2015-0329 CVE-2015-0321 CVE-2015-0318 CVE-2015-0316 CVE-2015-0314 CVE-2015-0331 CVE-2015-0320 CVE-2015-0315 CVE-2015-0313 |
| CWE ID | CWE-476 CWE-119 CWE-122 CWE-843 CWE-416 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #11 is available. Public exploit code for vulnerability #15 is available. Vulnerability #17 is being exploited in the wild. |
| Vulnerable software |
Adobe Flash Player for Linux Subscribe
Adobe Flash Player Extended Support Release Adobe Flash Player |
| Vendor | Adobe |
Severity: Low
CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-0328
CWE-ID:
CWE-476 - NULL Pointer Dereference
The vulnerability allows a remote attacker to cause DoS conditions on the target system.
The weakness exists due to NULL pointer dereference when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it and cause the application to crash.
MitigationInstall update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440, 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264, 13.0.0.269
Adobe Flash Player: 16.0.0.296, 16.0.0.305
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-0326
CWE-ID:
CWE-476 - NULL Pointer Dereference
The vulnerability allows a remote attacker to cause DoS conditions on the target system.
The weakness exists due to NULL pointer dereference when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it and cause the application to crash.
Install update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440, 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264, 13.0.0.269
Adobe Flash Player: 16.0.0.296, 16.0.0.305
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Low
CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-0325
CWE-ID:
CWE-476 - NULL Pointer Dereference
The vulnerability allows a remote attacker to cause DoS conditions on the target system.
The weakness exists due to NULL pointer dereference when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it and cause the application to crash.
Install update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440, 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264, 13.0.0.269
Adobe Flash Player: 16.0.0.296, 16.0.0.305
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: High
CVSSv3: 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2015-0324
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to buffer overflow when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
MitigationInstall update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440, 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264, 13.0.0.269
Adobe Flash Player: 16.0.0.296, 16.0.0.305
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: High
CVSSv3: 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2015-0327
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
MitigationInstall update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440, 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264, 13.0.0.269
Adobe Flash Player: 16.0.0.296, 16.0.0.305
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: High
CVSSv3: 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2015-0323
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
MitigationInstall update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440, 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264, 13.0.0.269
Adobe Flash Player: 16.0.0.296, 16.0.0.305
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: High
CVSSv3: 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2015-0317
CWE-ID:
CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to type confusion error when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
MitigationInstall update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440, 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264, 13.0.0.269
Adobe Flash Player: 16.0.0.296, 16.0.0.305
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: High
CVSSv3: 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2015-0330
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
MitigationInstall update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440, 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264, 13.0.0.269
Adobe Flash Player: 16.0.0.296, 16.0.0.305
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: High
CVSSv3: 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2015-0329
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
MitigationInstall update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440, 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264, 13.0.0.269
Adobe Flash Player: 16.0.0.296, 16.0.0.305
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: High
CVSSv3: 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2015-0321
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
MitigationInstall update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440, 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264, 13.0.0.269
Adobe Flash Player: 16.0.0.296, 16.0.0.305
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: High
CVSSv3: 8.9 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C] [PCI]
CVE-ID: CVE-2015-0318
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
MitigationInstall update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440, 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264, 13.0.0.269
Adobe Flash Player: 16.0.0.296, 16.0.0.305
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
Severity: High
CVSSv3: 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2015-0316
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
MitigationInstall update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440, 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264, 13.0.0.269
Adobe Flash Player: 16.0.0.296, 16.0.0.305
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: High
CVSSv3: 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2015-0314
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
MitigationInstall update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440, 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264, 13.0.0.269
Adobe Flash Player: 16.0.0.296, 16.0.0.305
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: High
CVSSv3: 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2015-0331
CWE-ID:
CWE-416 - Use After Free
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
MitigationInstall update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440, 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264, 13.0.0.269
Adobe Flash Player: 16.0.0.296, 16.0.0.305
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: High
CVSSv3: 8.9 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C] [PCI]
CVE-ID: CVE-2015-0320
CWE-ID:
CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
MitigationInstall update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440, 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264, 13.0.0.269
Adobe Flash Player: 16.0.0.296, 16.0.0.305
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
Severity: High
CVSSv3: 8.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]
CVE-ID: CVE-2015-0315
CWE-ID:
CWE-416 - Use After Free
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
MitigationInstall update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440, 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264, 13.0.0.269
Adobe Flash Player: 16.0.0.296, 16.0.0.305
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
Severity: Critical
CVSSv3: 8.9 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C] [PCI]
CVE-ID: CVE-2015-0313
CWE-ID:
CWE-416 - Use After Free
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
MitigationInstall update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440, 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264, 13.0.0.269
Adobe Flash Player: 16.0.0.296, 16.0.0.305
CPEhttps://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.