Vulnerability Name:

CVE-2015-0310 (CCN-100236)

Assigned:2014-12-01
Published:2015-01-14
Updated:2015-11-13
Summary:Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015.
CVSS v3 Severity:7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.1 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-264
Vulnerability Consequences:Bypass Security
References:Source: MITRE
Type: CNA
CVE-2015-0310

Source: CCN
Type: Adobe Security Bulletin APSB15-02
Security updates available for Adobe Flash Player

Source: CONFIRM
Type: Patch, Vendor Advisory
http://helpx.adobe.com/security/products/flash-player/apsb15-02.html

Source: CCN
Type: Malware don't need Coffee Web site
Unpatched Vulnerability (0day) in Flash Player is being exploited by Angler EK

Source: CCN
Type: RHSA-2015-0094
Critical: flash-plugin security update

Source: SECUNIA
Type: UNKNOWN
62452

Source: SECUNIA
Type: UNKNOWN
62601

Source: SECUNIA
Type: UNKNOWN
62660

Source: SECUNIA
Type: UNKNOWN
62740

Source: GENTOO
Type: UNKNOWN
GLSA-201502-02

Source: CCN
Type: Adobe Web site
Flash Player

Source: BID
Type: UNKNOWN
72261

Source: CCN
Type: BID-72261
Adobe Flash Player CVE-2015-0310 Unspecified Memory Corruption Vulnerability

Source: SECTRACK
Type: UNKNOWN
1031609

Source: XF
Type: UNKNOWN
adobe-flash-player-cve20150310-sec-bypass(100236)

Source: CCN
Type: Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2015-0310

Vulnerable Configuration:Configuration 1:
  • cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version <= 11.2.202.429)
  • AND
  • cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version <= 13.0.0.260)
  • OR cpe:/a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
  • AND
  • cpe:/o:apple:mac_os_x:-:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:13.0.0.260:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux_server_supplementary:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation_supplementary:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop_supplementary:6:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_8:::~~~~x64~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_8:-:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:*
  • OR cpe:/o:microsoft:windows_8.1:::~~~~x64~:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:52002
    P
    		Security update for haproxy (Critical)
    2023-02-14
    oval:org.opensuse.security:def:5302
    P
    		Security update for postgresql12 (Important) (in QA)
    2022-08-31
    oval:org.opensuse.security:def:5335
    P
    		Security update for postgresql10 (Important)
    2022-08-26
    oval:org.opensuse.security:def:5277
    P
    		Security update for the Linux Kernel (Important)
    2022-06-20
    oval:org.opensuse.security:def:20150310
    V
    		CVE-2015-0310
    2022-05-20
    oval:org.opensuse.security:def:6026
    P
    		Security update for xen (Moderate)
    2022-05-03
    oval:org.opensuse.security:def:5366
    P
    		Security update for flac (Moderate)
    2022-03-14
    oval:org.opensuse.security:def:5353
    P
    		Security update for php72 (Moderate)
    2022-02-25
    oval:org.opensuse.security:def:5344
    P
    		Security update for xen (Important)
    2022-02-17
    oval:org.opensuse.security:def:6004
    P
    		Security update for MozillaFirefox (Important)
    2022-01-18
    oval:org.opensuse.security:def:10711
    P
    		Security update for MozillaThunderbird (Important)
    2022-01-12
    oval:org.opensuse.security:def:5168
    P
    		Security update for mozilla-nss (Important)
    2021-12-06
    oval:org.opensuse.security:def:5121
    P
    		Security update for the Linux Kernel (Important)
    2021-09-23
    oval:org.opensuse.security:def:10692
    P
    		Security update for ffmpeg (Important)
    2021-09-02
    oval:org.opensuse.security:def:46948
    P
    		ghostscript-9.15-6.5 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47189
    P
    		xscreensaver-5.22-7.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47032
    P
    		libipa_hbac0-1.13.4-18.10 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47260
    P
    		gdk-pixbuf-lang-2.34.0-18.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47094
    P
    		libvorbis-doc-1.3.3-8.23 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47898
    P
    		syslog-service-2.0-778.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47158
    P
    		stunnel-5.00-3.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47952
    P
    		apache2-mod_nss-1.0.14-19.9.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:5075
    P
    		Security update for the Linux Kernel (Important)
    2021-07-14
    oval:org.opensuse.security:def:11513
    P
    		cups-pk-helper-0.2.5-3.75 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11573
    P
    		libQt5Core5-5.3.2-1.81 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11260
    P
    		ImageMagick-6.8.8.1-5.21 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11390
    P
    		libpoppler-glib8-0.24.4-3.14 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11534
    P
    		flash-player-11.2.202.548-111.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11535
    P
    		freerdp-1.0.2-7.9 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46496
    P
    		libmodplug1-0.8.8.4-13.63 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:12211
    P
    		libidn11-1.28-4.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48718
    P
    		flash-player-11.2.202.548-111.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11282
    P
    		curl-7.37.0-2.5 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11409
    P
    		libtiff5-32bit-4.0.3-9.78 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:17049
    P
    		flash-player-11.2.202.548-111.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46587
    P
    		tomcat-7.0.55-2.77 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11551
    P
    		gpgme-1.5.1-1.12 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:12233
    P
    		libndp0-1.6-2.2 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11328
    P
    		kernel-default-3.12.28-4.6 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11484
    P
    		xorg-x11-server-7.6_1.15.2-12.17 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46734
    P
    		libipa_hbac0-1.11.5.1-14.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11560
    P
    		icu-52.1-7.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:76830
    P
    		flash-player-11.2.202.548-111.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11375
    P
    		liblzo2-2-2.08-1.13 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11509
    P
    		cpp48-4.8.5-24.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:5053
    P
    		Security update for gstreamer-plugins-bad (Important)
    2021-06-07
    oval:org.opensuse.security:def:10677
    P
    		Security update for MozillaThunderbird (Moderate)
    2021-06-04
    oval:org.opensuse.security:def:51896
    P
    		Security update for djvulibre (Important)
    2021-05-31
    oval:org.opensuse.security:def:5045
    P
    		Security update for postgresql10 (Moderate)
    2021-05-27
    oval:org.opensuse.security:def:38103
    P
    		Security update for clamav (Important)
    2021-04-14
    oval:org.opensuse.security:def:5202
    P
    		Security update for openssl-1_1 (Important)
    2021-03-25
    oval:org.opensuse.security:def:5183
    P
    		Security update for ImageMagick (Moderate)
    2021-02-19
    oval:org.opensuse.security:def:51723
    P
    		Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)
    2021-02-10
    oval:org.opensuse.security:def:51485
    P
    		Security update for cyrus-sasl (Important)
    2020-12-28
    oval:org.opensuse.security:def:10584
    P
    		Security update for MozillaThunderbird (Important)
    2020-12-07
    oval:org.opensuse.security:def:46364
    P
    		apache2-mod_php5-5.5.14-4.12 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:11252
    P
    		openstack-cinder-2014.2.3.dev13-1.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:52716
    P
    		Security update for the Linux Kernel (Live Patch 7 for SLE 15) (Important)
    2020-12-01
    oval:org.opensuse.security:def:53373
    P
    		Security update for qemu (Important)
    2020-12-01
    oval:org.opensuse.security:def:37356
    P
    		xdg-utils on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37688
    P
    		sysvinit-tools on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38054
    P
    		rrdtool on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24344
    P
    		Security update for libX11 and libxcb (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25067
    P
    		Security update for libjpeg-turbo (Important)
    2020-12-01
    oval:org.opensuse.security:def:52727
    P
    		Security update for the Linux Kernel (Live Patch 9 for SLE 15) (Important)
    2020-12-01
    oval:org.opensuse.security:def:54196
    P
    		flash-player on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:54024
    P
    		libgadu3 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:55493
    P
    		Security update for webkitgtk (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:46038
    P
    		Security update for tigervnc (Important)
    2020-12-01
    oval:org.opensuse.security:def:24624
    P
    		Security update for SDL (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24966
    P
    		Security update for libu2f-host (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38214
    P
    		gv on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52453
    P
    		Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52856
    P
    		Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP1) (Important)
    2020-12-01
    oval:org.opensuse.security:def:53539
    P
    		Security update for perl-DBI (Important)
    2020-12-01
    oval:org.opensuse.security:def:37367
    P
    		yast2-core on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37745
    P
    		busybox on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10853
    P
    		systemtap-sdt-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:46039
    P
    		Security update for ucode-intel (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:51322
    P
    		Security update for jasper (Low)
    2020-12-01
    oval:org.opensuse.security:def:25111
    P
    		Security update for openssl-1_0_0 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10630
    P
    		Security update for xorg-x11-server (Important)
    2020-12-01
    oval:org.opensuse.security:def:10786
    P
    		librsvg-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52765
    P
    		Security update for the Linux Kernel (Live Patch 15 for SLE 15) (Important)
    2020-12-01
    oval:org.opensuse.security:def:54098
    P
    		perl-Config-IniFiles on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:55567
    P
    		Security update for flash-player (Critical)
    2020-12-01
    oval:org.opensuse.security:def:24354
    P
    		Security update for postgresql96 (Important)
    2020-12-01
    oval:org.opensuse.security:def:24680
    P
    		Security update for java-1_7_1-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:38852
    P
    		gnome-shell-calendar on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:51323
    P
    		Security update for vim (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52561
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:10554
    P
    		libtiff-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:53094
    P
    		Security update for rmt-server (Important)
    2020-12-01
    oval:org.opensuse.security:def:53824
    P
    		Security update for enigmail (Important)
    2020-12-01
    oval:org.opensuse.security:def:37451
    P
    		grub2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37835
    P
    		krb5-appl-clients on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10862
    P
    		xfig on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:46052
    P
    		Security update for python3-requests (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25749
    P
    		Security update for pidgin (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52693
    P
    		Security update for the Linux Kernel (Live Patch 1 for SLE 15) (Important)
    2020-12-01
    oval:org.opensuse.security:def:10811
    P
    		libxcb-composite0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52846
    P
    		Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP1) (Important)
    2020-12-01
    oval:org.opensuse.security:def:54136
    P
    		wdiff on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24417
    P
    		Security update for webkit2gtk3 (Important)
    2020-12-01
    oval:org.opensuse.security:def:24763
    P
    		Security update for libproxy (Important)
    2020-12-01
    oval:org.opensuse.security:def:38142
    P
    		bubblewrap on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38894
    P
    		flash-player on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:51345
    P
    		Security update for freetype2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:52694
    P
    		Security update for the Linux Kernel (Live Patch 2 for SLE 15) (Important)
    2020-12-01
    oval:org.opensuse.security:def:53267
    P
    		Security update for rmt-server (Important)
    2020-12-01
    oval:org.opensuse.security:def:53932
    P
    		bzip2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37587
    P
    		libspice-server1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37995
    P
    		libz1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10875
    P
    		aaa_base-malloccheck on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:46172
    P
    		Security update for glibc (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25053
    P
    		Security update for libunwind (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25784
    P
    		Security update for flash-player (Critical)
    2020-12-01
    oval:org.opensuse.security:def:10562
    P
    		libwmf-0_2-7 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52653
    P
    		Security update for the Linux Kernel (Live Patch 2 for SLE 15) (Important)
    2020-12-01
    oval:org.opensuse.security:def:54122
    P
    		squashfs on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37355
    P
    		xalan-j2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:54217
    P
    		gzip on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24543
    P
    		Security update for python-xdg (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24913
    P
    		Security update for ovmf (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38170
    P
    		dovecot22 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52168
    P
    		Security update for java-11-openjdk (Important)
    2020-12-01
    oval:org.cisecurity:def:1254
    V
    		Vulnerability in Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 - CVE-2015-0310
    2016-11-11
    oval:com.ubuntu.precise:def:20150310000
    V
    		CVE-2015-0310 on Ubuntu 12.04 LTS (precise) - medium.
    2015-01-23
    oval:com.ubuntu.trusty:def:20150310000
    V
    		CVE-2015-0310 on Ubuntu 14.04 LTS (trusty) - medium.
    2015-01-23
    oval:org.opensuse.security:def:78201
    P
    		Security update for flash-player (Critical)
    2015-01-22
    BACK
    adobe flash player *
    linux linux kernel -
    adobe flash player *
    adobe flash player 14.0.0.125
    adobe flash player 14.0.0.145
    adobe flash player 14.0.0.176
    adobe flash player 14.0.0.179
    adobe flash player 15.0.0.152
    adobe flash player 15.0.0.167
    adobe flash player 15.0.0.189
    adobe flash player 15.0.0.223
    adobe flash player 15.0.0.239
    adobe flash player 15.0.0.246
    adobe flash player 16.0.0.235
    adobe flash player 16.0.0.257
    apple mac os x -
    microsoft windows -
    adobe flash player 16.0.0.257
    adobe flash player 13.0.0.260
    redhat enterprise linux server supplementary 6
    redhat enterprise linux workstation supplementary 6
    redhat enterprise linux desktop supplementary 6
    microsoft windows 8
    microsoft windows server 2012
    microsoft windows 8 -
    microsoft windows rt -
    microsoft windows 8.1 - -
    microsoft windows 8.1
    microsoft windows server 2012 r2
    microsoft windows rt 8.1 -