Vulnerability CVE-2015-0310

Vulnerability Name:

CVE-2015-0310 (CCN-100236)

Assigned:

2014-12-01

Published:

2015-01-14

Updated:

2015-11-13

Summary:

Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015.

CVSS v3 Severity:

7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

7.1 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N)
5.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-264

Vulnerability Consequences:

Bypass Security

References:

Source: MITRE
Type: CNA
CVE-2015-0310

Source: CCN
Type: Adobe Security Bulletin APSB15-02
Security updates available for Adobe Flash Player

Source: CONFIRM
Type: Patch, Vendor Advisory
http://helpx.adobe.com/security/products/flash-player/apsb15-02.html

Source: CCN
Type: Malware don't need Coffee Web site
Unpatched Vulnerability (0day) in Flash Player is being exploited by Angler EK

Source: CCN
Type: RHSA-2015-0094
Critical: flash-plugin security update

Source: SECUNIA
Type: UNKNOWN
62452

Source: SECUNIA
Type: UNKNOWN
62601

Source: SECUNIA
Type: UNKNOWN
62660

Source: SECUNIA
Type: UNKNOWN
62740

Source: GENTOO
Type: UNKNOWN
GLSA-201502-02

Source: CCN
Type: Adobe Web site
Flash Player

Source: BID
Type: UNKNOWN
72261

Source: CCN
Type: BID-72261
Adobe Flash Player CVE-2015-0310 Unspecified Memory Corruption Vulnerability

Source: SECTRACK
Type: UNKNOWN
1031609

Source: XF
Type: UNKNOWN
adobe-flash-player-cve20150310-sec-bypass(100236)

Source: CCN
Type: Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2015-0310

Vulnerable Configuration:

Configuration 1:

cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version <= 11.2.202.429)

AND

cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version <= 13.0.0.260)

OR cpe:/a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*

AND

cpe:/o:apple:mac_os_x:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*

OR cpe:/a:adobe:flash_player:13.0.0.260:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux_server_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_workstation_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_desktop_supplementary:6:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_8:::~~~~x64~:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_8:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_rt:-:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_8.1:-:-:-:*:-:-:x32:*

OR cpe:/o:microsoft:windows_8.1:::~~~~x64~:*:*:*:*:*

OR cpe:/o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20150310	V	CVE-2015-0310	2022-05-20
oval:org.opensuse.security:def:10711	P	Security update for MozillaThunderbird (Important)	2022-01-12
oval:org.opensuse.security:def:10692	P	Security update for ffmpeg (Important)	2021-09-02
oval:org.opensuse.security:def:46948	P	ghostscript-9.15-6.5 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47189	P	xscreensaver-5.22-7.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47032	P	libipa_hbac0-1.13.4-18.10 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47260	P	gdk-pixbuf-lang-2.34.0-18.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47094	P	libvorbis-doc-1.3.3-8.23 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47898	P	syslog-service-2.0-778.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47158	P	stunnel-5.00-3.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:47952	P	apache2-mod_nss-1.0.14-19.9.1 on GA media (Moderate)	2021-08-16
oval:org.opensuse.security:def:11513	P	cups-pk-helper-0.2.5-3.75 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11573	P	libQt5Core5-5.3.2-1.81 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11260	P	ImageMagick-6.8.8.1-5.21 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11390	P	libpoppler-glib8-0.24.4-3.14 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11534	P	flash-player-11.2.202.548-111.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11535	P	freerdp-1.0.2-7.9 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46496	P	libmodplug1-0.8.8.4-13.63 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12211	P	libidn11-1.28-4.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48718	P	flash-player-11.2.202.548-111.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11282	P	curl-7.37.0-2.5 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11409	P	libtiff5-32bit-4.0.3-9.78 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:17049	P	flash-player-11.2.202.548-111.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46587	P	tomcat-7.0.55-2.77 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11551	P	gpgme-1.5.1-1.12 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12233	P	libndp0-1.6-2.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11328	P	kernel-default-3.12.28-4.6 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11484	P	xorg-x11-server-7.6_1.15.2-12.17 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:46734	P	libipa_hbac0-1.11.5.1-14.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11560	P	icu-52.1-7.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:76830	P	flash-player-11.2.202.548-111.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11375	P	liblzo2-2-2.08-1.13 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11509	P	cpp48-4.8.5-24.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:10677	P	Security update for MozillaThunderbird (Moderate)	2021-06-04
oval:org.opensuse.security:def:6026	P	Security update for slurm (Important)	2021-05-31
oval:org.opensuse.security:def:51896	P	Security update for djvulibre (Important)	2021-05-31
oval:org.opensuse.security:def:6004	P	Security update for samba (Important)	2021-05-04
oval:org.opensuse.security:def:38103	P	Security update for clamav (Important)	2021-04-14
oval:org.opensuse.security:def:52002	P	Security update for python (Important)	2021-02-11
oval:org.opensuse.security:def:51723	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:51485	P	Security update for cyrus-sasl (Important)	2020-12-28
oval:org.opensuse.security:def:5344	P	Security update for flac (Moderate)	2020-12-24
oval:org.opensuse.security:def:10584	P	Security update for MozillaThunderbird (Important)	2020-12-07
oval:org.opensuse.security:def:46364	P	apache2-mod_php5-5.5.14-4.12 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:11252	P	openstack-cinder-2014.2.3.dev13-1.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:5121	P	Security update for the Linux Kernel (Important)	2020-12-02
oval:org.opensuse.security:def:5277	P	Security update for spamassassin (Important)	2020-12-02
oval:org.opensuse.security:def:5045	P	Security update for graphviz (Moderate)	2020-12-02
oval:org.opensuse.security:def:5353	P	Security update for apache2 (Moderate)	2020-12-02
oval:org.opensuse.security:def:5168	P	Security update for nodejs8 (Critical)	2020-12-02
oval:org.opensuse.security:def:5302	P	Security update for zstd (Moderate)	2020-12-02
oval:org.opensuse.security:def:5366	P	Security update for samba (Important)	2020-12-02
oval:org.opensuse.security:def:5053	P	Security update for the Linux Kernel (Important)	2020-12-02
oval:org.opensuse.security:def:5183	P	Security update for mozilla-nss (Moderate)	2020-12-02
oval:org.opensuse.security:def:5335	P	Security update for tomcat (Important)	2020-12-02
oval:org.opensuse.security:def:5075	P	Security update for rubygem-activesupport-5_1 (Critical)	2020-12-02
oval:org.opensuse.security:def:5202	P	Security update for webkit2gtk3 (Important)	2020-12-02
oval:org.opensuse.security:def:52716	P	Security update for the Linux Kernel (Live Patch 7 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:53373	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:37356	P	xdg-utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37688	P	sysvinit-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38054	P	rrdtool on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24344	P	Security update for libX11 and libxcb (Moderate)	2020-12-01
oval:org.opensuse.security:def:25067	P	Security update for libjpeg-turbo (Important)	2020-12-01
oval:org.opensuse.security:def:52727	P	Security update for the Linux Kernel (Live Patch 9 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:54196	P	flash-player on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54024	P	libgadu3 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55493	P	Security update for webkitgtk (Moderate)	2020-12-01
oval:org.opensuse.security:def:46038	P	Security update for tigervnc (Important)	2020-12-01
oval:org.opensuse.security:def:24624	P	Security update for SDL (Moderate)	2020-12-01
oval:org.opensuse.security:def:24966	P	Security update for libu2f-host (Moderate)	2020-12-01
oval:org.opensuse.security:def:38214	P	gv on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52453	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:52856	P	Security update for the Linux Kernel (Live Patch 1 for SLE 15 SP1) (Important)	2020-12-01
oval:org.opensuse.security:def:53539	P	Security update for perl-DBI (Important)	2020-12-01
oval:org.opensuse.security:def:37367	P	yast2-core on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37745	P	busybox on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10853	P	systemtap-sdt-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:46039	P	Security update for ucode-intel (Moderate)	2020-12-01
oval:org.opensuse.security:def:51322	P	Security update for jasper (Low)	2020-12-01
oval:org.opensuse.security:def:25111	P	Security update for openssl-1_0_0 (Moderate)	2020-12-01
oval:org.opensuse.security:def:10630	P	Security update for xorg-x11-server (Important)	2020-12-01
oval:org.opensuse.security:def:10786	P	librsvg-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52765	P	Security update for the Linux Kernel (Live Patch 15 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:54098	P	perl-Config-IniFiles on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55567	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:24354	P	Security update for postgresql96 (Important)	2020-12-01
oval:org.opensuse.security:def:24680	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:38852	P	gnome-shell-calendar on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51323	P	Security update for vim (Moderate)	2020-12-01
oval:org.opensuse.security:def:52561	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:10554	P	libtiff-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:53094	P	Security update for rmt-server (Important)	2020-12-01
oval:org.opensuse.security:def:53824	P	Security update for enigmail (Important)	2020-12-01
oval:org.opensuse.security:def:37451	P	grub2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37835	P	krb5-appl-clients on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10862	P	xfig on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:46052	P	Security update for python3-requests (Moderate)	2020-12-01
oval:org.opensuse.security:def:25749	P	Security update for pidgin (Moderate)	2020-12-01
oval:org.opensuse.security:def:52693	P	Security update for the Linux Kernel (Live Patch 1 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:10811	P	libxcb-composite0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52846	P	Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP1) (Important)	2020-12-01
oval:org.opensuse.security:def:54136	P	wdiff on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24417	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:24763	P	Security update for libproxy (Important)	2020-12-01
oval:org.opensuse.security:def:38142	P	bubblewrap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:38894	P	flash-player on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51345	P	Security update for freetype2 (Important)	2020-12-01
oval:org.opensuse.security:def:52694	P	Security update for the Linux Kernel (Live Patch 2 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:53267	P	Security update for rmt-server (Important)	2020-12-01
oval:org.opensuse.security:def:53932	P	bzip2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37587	P	libspice-server1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37995	P	libz1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10875	P	aaa_base-malloccheck on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:46172	P	Security update for glibc (Moderate)	2020-12-01
oval:org.opensuse.security:def:25053	P	Security update for libunwind (Moderate)	2020-12-01
oval:org.opensuse.security:def:25784	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:10562	P	libwmf-0_2-7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52653	P	Security update for the Linux Kernel (Live Patch 2 for SLE 15) (Important)	2020-12-01
oval:org.opensuse.security:def:54122	P	squashfs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:37355	P	xalan-j2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:54217	P	gzip on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:24543	P	Security update for python-xdg (Moderate)	2020-12-01
oval:org.opensuse.security:def:24913	P	Security update for ovmf (Moderate)	2020-12-01
oval:org.opensuse.security:def:38170	P	dovecot22 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:52168	P	Security update for java-11-openjdk (Important)	2020-12-01
oval:org.cisecurity:def:1254	V	Vulnerability in Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 - CVE-2015-0310	2016-11-11
oval:com.ubuntu.precise:def:20150310000	V	CVE-2015-0310 on Ubuntu 12.04 LTS (precise) - medium.	2015-01-23
oval:com.ubuntu.trusty:def:20150310000	V	CVE-2015-0310 on Ubuntu 14.04 LTS (trusty) - medium.	2015-01-23
oval:org.opensuse.security:def:78201	P	Security update for flash-player (Critical)	2015-01-22

BACK