CVE-2015-3043
CVE-2015-3043
In short
Adobe Flash Player had a memory corruption flaw that allowed attackers to run malicious code or crash the application. This vulnerability was actively exploited in the wild in April 2015, affecting millions of users.
Technical detail
Out-of-bounds write vulnerability (CWE-787) in Adobe Flash Player on Windows, OS X, and Linux enabling arbitrary code execution or denial of service through unspecified attack vectors. The flaw was exploited in the wild prior to patch releases 13.0.0.281, 17.0.0.169, and 11.2.202.457 across respective platforms.
Summary generated and translated by AI from the official description.
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 3
githubgithub.com/whitehairman/Exploit★ 0cve_referencewww.exploit-db.com/exploits/37536/unverifiedexploitdbwww.exploit-db.com/exploits/37536unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0813.htmlhttps://github.com/cisagov/vulnrichment/issues/196https://helpx.adobe.com/security/products/flash-player/apsb15-06.htmlhttps://security.gentoo.org/glsa/201504-07https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-3043https://www.exploit-db.com/exploits/37536/http://www.securityfocus.com/bid/74062http://www.securitytracker.com/id/1032105