← back
CVE-2015-3113

CVE-2015-3113

CVSS 7.8 HIGHEPSS 99.9%● KEVCWE-122
In short

Adobe Flash Player had a memory vulnerability that allowed attackers to run malicious code on your computer by opening a specially crafted file or visiting a malicious website. This was actively being exploited by criminals in June 2015.

Technical detail

A heap-based buffer overflow in Adobe Flash Player (versions before 13.0.0.296, 14.x-18.x before 18.0.0.194 on Windows/OS X, and before 11.2.202.468 on Linux) allowed remote code execution via unspecified vectors. The vulnerability was exploited in-the-wild and required user interaction (opening malicious content).

Summary generated and translated by AI from the official description.
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/37536unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00020.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-06/msg00025.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00002.htmlhttp://marc.info/?l=bugtraq&m=144050155601375&w=2http://rhn.redhat.com/errata/RHSA-2015-1184.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1235036https://bugzilla.suse.com/show_bug.cgi?id=935701https://github.com/cisagov/vulnrichment/issues/196https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467https://helpx.adobe.com/security/products/flash-player/apsb15-14.htmlhttps://security.gentoo.org/glsa/201507-13https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-3113