CVE-2015-0310
CVE-2015-0310
In short
Adobe Flash Player fails to properly hide memory addresses, allowing attackers to bypass ASLR (a security protection that randomizes where programs load in memory). This makes it easier for attackers to exploit other vulnerabilities in Flash.
Technical detail
The vulnerability stems from improper memory address disclosure in affected Flash Player versions, enabling ASLR bypass on Windows and unspecified impacts on OS X and Linux. Exploitation requires unknown attack vectors and was actively leveraged in-the-wild campaigns in January 2015.
Summary generated and translated by AI from the official description.
Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://helpx.adobe.com/security/products/flash-player/apsb15-02.htmlhttp://secunia.com/advisories/62452http://secunia.com/advisories/62601http://secunia.com/advisories/62660http://secunia.com/advisories/62740http://security.gentoo.org/glsa/glsa-201502-02.xmlhttps://github.com/cisagov/vulnrichment/issues/196https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-0310http://www.securityfocus.com/bid/72261http://www.securitytracker.com/id/1031609