CVE-2015-3107
Summary
| CVE | CVE-2015-3107 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-06-10 01:59:00 UTC |
| Updated | 2017-09-17 01:29:00 UTC |
| Description | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3103 and CVE-2015-3106. |
Risk And Classification
Problem Types: NVD-CWE-Other | CWE-416
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Adobe | Air | All | All | All | All |
| Application | Adobe | Air | All | All | All | All |
| Application | Adobe | Air Sdk | All | All | All | All |
| Application | Adobe | Air Sdk Compiler | All | All | All | All |
| Application | Adobe | Air Sdk Compiler | All | All | All | All |
| Application | Adobe | Flash Player | 14.0.0.125 | All | All | All |
| Application | Adobe | Flash Player | 14.0.0.145 | All | All | All |
| Application | Adobe | Flash Player | 14.0.0.176 | All | All | All |
| Application | Adobe | Flash Player | 14.0.0.179 | All | All | All |
| Application | Adobe | Flash Player | 15.0.0.152 | All | All | All |
| Application | Adobe | Flash Player | 15.0.0.167 | All | All | All |
| Application | Adobe | Flash Player | 15.0.0.189 | All | All | All |
| Application | Adobe | Flash Player | 15.0.0.223 | All | All | All |
| Application | Adobe | Flash Player | 15.0.0.239 | All | All | All |
| Application | Adobe | Flash Player | 15.0.0.246 | All | All | All |
| Application | Adobe | Flash Player | 16.0.0.235 | All | All | All |
| Application | Adobe | Flash Player | 16.0.0.257 | All | All | All |
| Application | Adobe | Flash Player | 16.0.0.287 | All | All | All |
| Application | Adobe | Flash Player | 16.0.0.296 | All | All | All |
| Application | Adobe | Flash Player | 17.0.0.134 | All | All | All |
| Application | Adobe | Flash Player | 17.0.0.169 | All | All | All |
| Application | Adobe | Flash Player | 17.0.0.188 | All | All | All |
| Application | Adobe | Flash Player | 14.0.0.125 | All | All | All |
| Application | Adobe | Flash Player | 14.0.0.145 | All | All | All |
| Application | Adobe | Flash Player | 14.0.0.176 | All | All | All |
| Application | Adobe | Flash Player | 14.0.0.179 | All | All | All |
| Application | Adobe | Flash Player | 15.0.0.152 | All | All | All |
| Application | Adobe | Flash Player | 15.0.0.167 | All | All | All |
| Application | Adobe | Flash Player | 15.0.0.189 | All | All | All |
| Application | Adobe | Flash Player | 15.0.0.223 | All | All | All |
| Application | Adobe | Flash Player | 15.0.0.239 | All | All | All |
| Application | Adobe | Flash Player | 15.0.0.246 | All | All | All |
| Application | Adobe | Flash Player | 16.0.0.235 | All | All | All |
| Application | Adobe | Flash Player | 16.0.0.257 | All | All | All |
| Application | Adobe | Flash Player | 16.0.0.287 | All | All | All |
| Application | Adobe | Flash Player | 16.0.0.296 | All | All | All |
| Application | Adobe | Flash Player | 17.0.0.134 | All | All | All |
| Application | Adobe | Flash Player | 17.0.0.169 | All | All | All |
| Application | Adobe | Flash Player | 17.0.0.188 | All | All | All |
| Application | Adobe | Flash Player | All | All | All | All |
| Application | Adobe | Flash Player | All | All | All | All |
| Operating System | Apple | Mac Os X | - | All | All | All |
| Operating System | Apple | Mac Os X | - | All | All | All |
| Operating System | Android | All | All | All | All | |
| Operating System | Android | All | All | All | All | |
| Operating System | Linux | Linux Kernel | - | All | All | All |
| Operating System | Linux | Linux Kernel | - | All | All | All |
| Operating System | Microsoft | Windows | - | All | All | All |
| Operating System | Microsoft | Windows | - | All | All | All |
| Operating System | Opensuse | Evergreen | 11.4 | All | All | All |
| Operating System | Opensuse | Evergreen | 11.4 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Adobe Flash - NetConnection.connect Use-After-Free - Multiple dos Exploit | EXPLOIT-DB | www.exploit-db.com | |
| [security-announce] openSUSE-SU-2015:1781-1: critical: Security update f | SUSE | lists.opensuse.org | Third Party Advisory |
| Adobe Flash Player: Multiple vulnerabilities (GLSA 201506-01) — Gentoo security | GENTOO | security.gentoo.org | |
| Adobe Security Bulletin | CONFIRM | helpx.adobe.com | Patch, Vendor Advisory |
| Gentoo Security | GENTOO | security.gentoo.org | |
| [security-announce] openSUSE-SU-2015:1061-1: important: Security update | SUSE | lists.opensuse.org | |
| [security-announce] openSUSE-SU-2015:1047-1: important: Security update | SUSE | lists.opensuse.org | |
| Adobe Flash Player and AIR Multiple Unspecified Remote Code Execution Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| [security-announce] SUSE-SU-2015:1043-1: important: Security update for | SUSE | lists.opensuse.org | |
| Adobe Flash Player Multiple Bugs Let Remote Users Bypass ASLR, Obtain Potentially Sensitive Information, and Execute Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.