CVE-2015-3113
23.06.2015, 21:59
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.Enginsight
| Vendor | Product | Version |
|---|---|---|
| adobe | flash_player | 𝑥 < 13.0.0.296 |
| adobe | flash_player | 14.0.0.125 ≤ 𝑥 < 18.0.0.194 |
| adobe | flash_player | 𝑥 < 11.2.202.468 |
| opensuse | evergreen | 11.4 |
| opensuse | opensuse | 13.1 |
| opensuse | opensuse | 13.2 |
| hp | insight_orchestration | 𝑥 < 7.5.0 |
| hp | system_management_homepage | 𝑥 < 7.5.0 |
| hp | systems_insight_manager | 𝑥 < 7.5 |
| hp | version_control_agent | 𝑥 < 7.5.0 |
| hp | version_control_repository_manager | 𝑥 < 7.5.0 |
| hp | version_control_repository_manager | 7.6 |
| hp | virtual_connect_enterprise_manager | 𝑥 < 7.5.0 |
| redhat | enterprise_linux_desktop | 6.0 |
| redhat | enterprise_linux_eus | 6.6 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_workstation | 6.0 |
𝑥
= Vulnerable software versions
Ubuntu Releases
Ubuntu Product | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| adobe-flashplugin |
| ||||||||
| flashplugin-nonfree |
|
Common Weakness Enumeration
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.
- CWE-122 - Heap-based Buffer OverflowA heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
References