CVE-2015-3113

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
adobeCNA
---
---
CVEADP
---
---
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
VendorProductVersion
adobeflash_player
𝑥
< 13.0.0.296
adobeflash_player
14.0.0.125 ≤
𝑥
< 18.0.0.194
adobeflash_player
𝑥
< 11.2.202.468
opensuseevergreen
11.4
opensuseopensuse
13.1
opensuseopensuse
13.2
hpinsight_orchestration
𝑥
< 7.5.0
hpsystem_management_homepage
𝑥
< 7.5.0
hpsystems_insight_manager
𝑥
< 7.5
hpversion_control_agent
𝑥
< 7.5.0
hpversion_control_repository_manager
𝑥
< 7.5.0
hpversion_control_repository_manager
7.6
hpvirtual_connect_enterprise_manager
𝑥
< 7.5.0
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_eus
6.6
redhatenterprise_linux_server
6.0
redhatenterprise_linux_workstation
6.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
adobe-flashplugin
vivid
Fixed 1:20150623.1-0vivid1
released
utopic
Fixed 1:20150623.1-0utopic1
released
trusty
Fixed 1:20150623.1-0trusty1
released
precise
Fixed 1:20150623.1-0precise1
released
flashplugin-nonfree
vivid
Fixed 11.2.202.468ubuntu0.15.04.1
released
utopic
Fixed 11.2.202.468ubuntu0.14.10.1
released
trusty
Fixed 11.2.202.468ubuntu0.14.04.1
released
precise
Fixed 11.2.202.468ubuntu0.12.04.1
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00002.html
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://rhn.redhat.com/errata/RHSA-2015-1184.html
http://www.securityfocus.com/bid/75371
http://www.securitytracker.com/id/1032696
https://bugzilla.redhat.com/show_bug.cgi?id=1235036
https://bugzilla.suse.com/show_bug.cgi?id=935701
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467
https://helpx.adobe.com/security/products/flash-player/apsb15-14.html
https://security.gentoo.org/glsa/201507-13
https://www.suse.com/security/cve/CVE-2015-3113.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00020.html
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00002.html
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://rhn.redhat.com/errata/RHSA-2015-1184.html
http://www.securityfocus.com/bid/75371
http://www.securitytracker.com/id/1032696
https://bugzilla.redhat.com/show_bug.cgi?id=1235036
https://bugzilla.suse.com/show_bug.cgi?id=935701
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467
https://helpx.adobe.com/security/products/flash-player/apsb15-14.html
https://security.gentoo.org/glsa/201507-13
https://www.suse.com/security/cve/CVE-2015-3113.html