Multiple vulnerabilities in Adobe Flash Player
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 17 |
| CVE-ID | CVE-2015-0328 CVE-2015-0326 CVE-2015-0325 CVE-2015-0324 CVE-2015-0327 CVE-2015-0323 CVE-2015-0317 CVE-2015-0330 CVE-2015-0329 CVE-2015-0321 CVE-2015-0318 CVE-2015-0316 CVE-2015-0314 CVE-2015-0331 CVE-2015-0320 CVE-2015-0315 CVE-2015-0313 |
| CWE-ID | CWE-476 CWE-119 CWE-122 CWE-843 CWE-416 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #11 is being exploited in the wild. Public exploit code for vulnerability #15 is available. Vulnerability #17 is being exploited in the wild. |
| Vulnerable software Subscribe |
Adobe Flash Player for Linux Client/Desktop applications / Multimedia software Adobe Flash Player Extended Support Release Client/Desktop applications / Multimedia software Adobe Flash Player Client/Desktop applications / Plugins for browsers, ActiveX components |
| Vendor | Adobe |
Security Bulletin
This security bulletin contains information about 17 vulnerabilities.
1) Null pointer dereference
EUVDB-ID: #VU5462
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-0328
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS conditions on the target system.
The weakness exists due to NULL pointer dereference when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it and cause the application to crash.
MitigationInstall update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440 - 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264 - 13.0.0.269
Adobe Flash Player: 16.0.0.296 - 16.0.0.305
External linkshttp://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Null pointer dereference
EUVDB-ID: #VU5461
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-0326
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS conditions on the target system.
The weakness exists due to NULL pointer dereference when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it and cause the application to crash.
Install update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440 - 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264 - 13.0.0.269
Adobe Flash Player: 16.0.0.296 - 16.0.0.305
External linkshttp://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Null pointer dereference
EUVDB-ID: #VU5460
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-0325
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS conditions on the target system.
The weakness exists due to NULL pointer dereference when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it and cause the application to crash.
Install update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440 - 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264 - 13.0.0.269
Adobe Flash Player: 16.0.0.296 - 16.0.0.305
External linkshttp://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU5459
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-0324
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to buffer overflow when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
MitigationInstall update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440 - 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264 - 13.0.0.269
Adobe Flash Player: 16.0.0.296 - 16.0.0.305
External linkshttp://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Heap-based buffer overflow
EUVDB-ID: #VU5458
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-0327
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
MitigationInstall update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440 - 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264 - 13.0.0.269
Adobe Flash Player: 16.0.0.296 - 16.0.0.305
External linkshttp://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Heap-based buffer overflow
EUVDB-ID: #VU5457
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-0323
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to heap-based buffer overflow when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
MitigationInstall update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440 - 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264 - 13.0.0.269
Adobe Flash Player: 16.0.0.296 - 16.0.0.305
External linkshttp://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Type confusion
EUVDB-ID: #VU5456
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-0317
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to type confusion error when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
MitigationInstall update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440 - 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264 - 13.0.0.269
Adobe Flash Player: 16.0.0.296 - 16.0.0.305
External linkshttp://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Memory corruption
EUVDB-ID: #VU5455
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-0330
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
MitigationInstall update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440 - 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264 - 13.0.0.269
Adobe Flash Player: 16.0.0.296 - 16.0.0.305
External linkshttp://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Memory corruption
EUVDB-ID: #VU5454
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-0329
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
MitigationInstall update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440 - 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264 - 13.0.0.269
Adobe Flash Player: 16.0.0.296 - 16.0.0.305
External linkshttp://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Memory corruption
EUVDB-ID: #VU5453
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-0321
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
MitigationInstall update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440 - 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264 - 13.0.0.269
Adobe Flash Player: 16.0.0.296 - 16.0.0.305
External linkshttp://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Memory corruption
EUVDB-ID: #VU5452
Risk: High
CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2015-0318
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
MitigationInstall update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440 - 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264 - 13.0.0.269
Adobe Flash Player: 16.0.0.296 - 16.0.0.305
External linkshttp://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
12) Memory corruption
EUVDB-ID: #VU5451
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-0316
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
MitigationInstall update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440 - 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264 - 13.0.0.269
Adobe Flash Player: 16.0.0.296 - 16.0.0.305
External linkshttp://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Memory corruption
EUVDB-ID: #VU5450
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-0314
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
MitigationInstall update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440 - 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264 - 13.0.0.269
Adobe Flash Player: 16.0.0.296 - 16.0.0.305
External linkshttp://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use-after-free error
EUVDB-ID: #VU5448
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-0331
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
MitigationInstall update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440 - 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264 - 13.0.0.269
Adobe Flash Player: 16.0.0.296 - 16.0.0.305
External linkshttp://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) “Use-after-free” error
EUVDB-ID: #VU5447
Risk: High
CVSSv3.1: 8.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]
CVE-ID: CVE-2015-0320
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
MitigationInstall update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440 - 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264 - 13.0.0.269
Adobe Flash Player: 16.0.0.296 - 16.0.0.305
External linkshttp://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
16) Use-after-free error
EUVDB-ID: #VU5446
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-0315
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
MitigationInstall update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440 - 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264 - 13.0.0.269
Adobe Flash Player: 16.0.0.296 - 16.0.0.305
External linkshttp://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Use-after-free error
EUVDB-ID: #VU5445
Risk: Critical
CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2015-0313
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error when processing .swf content. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
MitigationInstall update from vendor's website.
Adobe Flash Player for Linux: 11.2.202.440 - 11.2.202.442
Adobe Flash Player Extended Support Release: 13.0.0.264 - 13.0.0.269
Adobe Flash Player: 16.0.0.296 - 16.0.0.305
External linkshttp://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
