Vulnerability Name:

CVE-2015-0311 (CCN-100267)

Assigned:2014-12-01
Published:2015-01-22
Updated:2015-02-14
Summary:Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.7 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-noinfo
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2015-0311

Source: CCN
Type: Adobe Security Bulletin APSA15-01
Security Advisory for Adobe Flash Player

Source: CONFIRM
Type: Patch, Vendor Advisory
http://helpx.adobe.com/security/products/flash-player/apsa15-01.html

Source: CONFIRM
Type: UNKNOWN
http://helpx.adobe.com/security/products/flash-player/apsb15-03.html

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:0151

Source: SUSE
Type: UNKNOWN
SUSE-SU-2015:0163

Source: MISC
Type: UNKNOWN
http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html

Source: CCN
Type: RHSA-2015-0094
Critical: flash-plugin security update

Source: SECUNIA
Type: UNKNOWN
62432

Source: SECUNIA
Type: UNKNOWN
62543

Source: SECUNIA
Type: UNKNOWN
62650

Source: SECUNIA
Type: UNKNOWN
62660

Source: SECUNIA
Type: UNKNOWN
62740

Source: GENTOO
Type: UNKNOWN
GLSA-201502-02

Source: BID
Type: UNKNOWN
72283

Source: CCN
Type: BID-72283
Adobe Flash Player CVE-2015-0311 Use After Free Memory Corruption Vulnerability

Source: SECTRACK
Type: UNKNOWN
1031597

Source: XF
Type: UNKNOWN
adobe-flash-player-cve20150311-code-exec(100267)

Source: CCN
Type: Packet Storm Security [03-12-2015]
Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free

Source: CONFIRM
Type: UNKNOWN
https://technet.microsoft.com/library/security/2755801

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [03-12-2015]

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2015-0311

Vulnerable Configuration:Configuration 1:
  • cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version <= 11.2.202.438)
  • AND
  • cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version <= 13.0.0.262)
  • OR cpe:/a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
  • AND
  • cpe:/o:apple:mac_os_x:-:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:13.0.0.262:*:*:*:*:*:*:*
  • AND
  • cpe:/o:redhat:enterprise_linux_server_supplementary:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_workstation_supplementary:6:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop_supplementary:6:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20150311
    V
    		CVE-2015-0311
    2022-05-20
    oval:org.opensuse.security:def:10711
    P
    		Security update for MozillaThunderbird (Important)
    2022-01-12
    oval:org.opensuse.security:def:10692
    P
    		Security update for ffmpeg (Important)
    2021-09-02
    oval:org.opensuse.security:def:46949
    P
    		giflib-progs-5.0.5-12.1 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47190
    P
    		yast2-3.1.206-36.3 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47033
    P
    		libjansson4-2.7-1.2 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47261
    P
    		gdk-pixbuf-loader-rsvg-2.40.15-4.5 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47095
    P
    		libvte9-0.28.2-19.7 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47899
    P
    		systemtap-3.0-15.13 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47159
    P
    		sudo-1.8.10p3-6.16 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:47953
    P
    		apache2-mod_perl-2.0.8-11.43 on GA media (Moderate)
    2021-08-16
    oval:org.opensuse.security:def:11513
    P
    		cups-pk-helper-0.2.5-3.75 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11574
    P
    		libX11-6-1.6.2-4.12 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11261
    P
    		MozillaFirefox-31.1.0esr-1.20 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11391
    P
    		libproxy1-0.4.11-11.2 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11534
    P
    		flash-player-11.2.202.548-111.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11535
    P
    		freerdp-1.0.2-7.9 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46497
    P
    		libmspack0-0.4-3.57 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:12212
    P
    		libipa_hbac0-1.13.4-33.2 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:48718
    P
    		flash-player-11.2.202.548-111.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11283
    P
    		cvs-1.12.12-181.63 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11410
    P
    		libudisks2-0-2.1.3-1.14 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:17049
    P
    		flash-player-11.2.202.548-111.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46588
    P
    		unixODBC-2.3.1-4.88 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11552
    P
    		groff-1.22.2-5.429 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:12234
    P
    		libneon27-0.30.0-3.65 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11329
    P
    		krb5-1.12.1-6.3 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11485
    P
    		yast2-3.1.108-1.16 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:46735
    P
    		libjansson4-2.7-1.2 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11561
    P
    		iputils-s20121221-2.19 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:76830
    P
    		flash-player-11.2.202.548-111.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11376
    P
    		libmikmod3-3.2.0-4.59 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11510
    P
    		cron-4.2-58.3 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:10677
    P
    		Security update for MozillaThunderbird (Moderate)
    2021-06-04
    oval:org.opensuse.security:def:6026
    P
    		Security update for slurm (Important)
    2021-05-31
    oval:org.opensuse.security:def:51896
    P
    		Security update for djvulibre (Important)
    2021-05-31
    oval:org.opensuse.security:def:6004
    P
    		Security update for samba (Important)
    2021-05-04
    oval:org.opensuse.security:def:46053
    P
    		Security update for openldap2 (Important)
    2021-04-16
    oval:org.opensuse.security:def:38103
    P
    		Security update for clamav (Important)
    2021-04-14
    oval:org.opensuse.security:def:52002
    P
    		Security update for python (Important)
    2021-02-11
    oval:org.opensuse.security:def:51723
    P
    		Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)
    2021-02-10
    oval:org.opensuse.security:def:51485
    P
    		Security update for cyrus-sasl (Important)
    2020-12-28
    oval:org.opensuse.security:def:5344
    P
    		Security update for flac (Moderate)
    2020-12-24
    oval:org.opensuse.security:def:10584
    P
    		Security update for MozillaThunderbird (Important)
    2020-12-07
    oval:org.opensuse.security:def:46365
    P
    		apache2-mod_php7-7.0.7-15.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:11253
    P
    		openstack-neutron-2014.2.2.dev26-3.1 on GA media (Moderate)
    2020-12-03
    oval:org.opensuse.security:def:5121
    P
    		Security update for the Linux Kernel (Important)
    2020-12-02
    oval:org.opensuse.security:def:5277
    P
    		Security update for spamassassin (Important)
    2020-12-02
    oval:org.opensuse.security:def:5045
    P
    		Security update for graphviz (Moderate)
    2020-12-02
    oval:org.opensuse.security:def:5353
    P
    		Security update for apache2 (Moderate)
    2020-12-02
    oval:org.opensuse.security:def:5168
    P
    		Security update for nodejs8 (Critical)
    2020-12-02
    oval:org.opensuse.security:def:5302
    P
    		Security update for zstd (Moderate)
    2020-12-02
    oval:org.opensuse.security:def:5366
    P
    		Security update for samba (Important)
    2020-12-02
    oval:org.opensuse.security:def:5053
    P
    		Security update for the Linux Kernel (Important)
    2020-12-02
    oval:org.opensuse.security:def:5183
    P
    		Security update for mozilla-nss (Moderate)
    2020-12-02
    oval:org.opensuse.security:def:5335
    P
    		Security update for tomcat (Important)
    2020-12-02
    oval:org.opensuse.security:def:5075
    P
    		Security update for rubygem-activesupport-5_1 (Critical)
    2020-12-02
    oval:org.opensuse.security:def:5202
    P
    		Security update for webkit2gtk3 (Important)
    2020-12-02
    oval:org.opensuse.security:def:52717
    P
    		Security update for the Linux Kernel (Live Patch 11 for SLE 15) (Important)
    2020-12-01
    oval:org.opensuse.security:def:53374
    P
    		Security update for bind (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37356
    P
    		xdg-utils on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37688
    P
    		sysvinit-tools on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38054
    P
    		rrdtool on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24345
    P
    		Security update for axis (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25068
    P
    		Security update for ghostscript (Important)
    2020-12-01
    oval:org.opensuse.security:def:52727
    P
    		Security update for the Linux Kernel (Live Patch 9 for SLE 15) (Important)
    2020-12-01
    oval:org.opensuse.security:def:54196
    P
    		flash-player on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:54025
    P
    		libgc1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:55494
    P
    		Security update for libXfont (Important)
    2020-12-01
    oval:org.opensuse.security:def:46039
    P
    		Security update for ucode-intel (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24625
    P
    		Security update for dovecot22 (Important)
    2020-12-01
    oval:org.opensuse.security:def:24967
    P
    		Security update for postgresql10 (Important)
    2020-12-01
    oval:org.opensuse.security:def:38214
    P
    		gv on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52453
    P
    		Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52857
    P
    		Security update for the Linux Kernel (Live Patch 0 for SLE 15 SP1) (Important)
    2020-12-01
    oval:org.opensuse.security:def:53540
    P
    		Security update for openldap2 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37367
    P
    		yast2-core on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37745
    P
    		busybox on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10853
    P
    		systemtap-sdt-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:46040
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:51322
    P
    		Security update for jasper (Low)
    2020-12-01
    oval:org.opensuse.security:def:25112
    P
    		Security update for ovmf (Important)
    2020-12-01
    oval:org.opensuse.security:def:10630
    P
    		Security update for xorg-x11-server (Important)
    2020-12-01
    oval:org.opensuse.security:def:10786
    P
    		librsvg-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52765
    P
    		Security update for the Linux Kernel (Live Patch 15 for SLE 15) (Important)
    2020-12-01
    oval:org.opensuse.security:def:54099
    P
    		perl-HTML-Parser on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:55568
    P
    		Security update for flash-player (Critical)
    2020-12-01
    oval:org.opensuse.security:def:24355
    P
    		Security update for tomcat (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24681
    P
    		Security update for java-1_8_0-ibm (Important)
    2020-12-01
    oval:org.opensuse.security:def:38852
    P
    		gnome-shell-calendar on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:51323
    P
    		Security update for vim (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52561
    P
    		Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:10554
    P
    		libtiff-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:53095
    P
    		Security update for terraform (Important)
    2020-12-01
    oval:org.opensuse.security:def:53825
    P
    		Security update for MozillaThunderbird (Important)
    2020-12-01
    oval:org.opensuse.security:def:37451
    P
    		grub2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37835
    P
    		krb5-appl-clients on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10862
    P
    		xfig on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:25750
    P
    		Security update for flash-player (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52694
    P
    		Security update for the Linux Kernel (Live Patch 2 for SLE 15) (Important)
    2020-12-01
    oval:org.opensuse.security:def:10811
    P
    		libxcb-composite0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52846
    P
    		Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP1) (Important)
    2020-12-01
    oval:org.opensuse.security:def:54137
    P
    		wget on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24418
    P
    		Security update for audit (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24764
    P
    		Security update for libqt5-qtimageformats (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38142
    P
    		bubblewrap on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38894
    P
    		flash-player on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:51345
    P
    		Security update for freetype2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:52695
    P
    		Security update for the Linux Kernel (Live Patch 3 for SLE 15) (Important)
    2020-12-01
    oval:org.opensuse.security:def:53268
    P
    		Security update for postgresql10 (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:53933
    P
    		cifs-utils on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37587
    P
    		libspice-server1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37995
    P
    		libz1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10875
    P
    		aaa_base-malloccheck on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:46173
    P
    		Security update for bzip2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:25054
    P
    		Security update for MozillaFirefox (Important)
    2020-12-01
    oval:org.opensuse.security:def:25785
    P
    		Security update for flash-player (Critical)
    2020-12-01
    oval:org.opensuse.security:def:10562
    P
    		libwmf-0_2-7 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52653
    P
    		Security update for the Linux Kernel (Live Patch 2 for SLE 15) (Important)
    2020-12-01
    oval:org.opensuse.security:def:54122
    P
    		squashfs on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37355
    P
    		xalan-j2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:54218
    P
    		hardlink on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24544
    P
    		Security update for dhcp (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:24914
    P
    		Security update for freeradius-server (Important)
    2020-12-01
    oval:org.opensuse.security:def:38170
    P
    		dovecot22 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52168
    P
    		Security update for java-11-openjdk (Important)
    2020-12-01
    oval:org.mitre.oval:def:28471
    V
    		Adobe Flash Player 14.x though 16.0.0.287 and 13.x through 13.0.0.262 can cause a crash and potentially allow an attacker to take control of the Windows platform
    2015-08-03
    oval:org.opensuse.security:def:78202
    P
    		Security update for flash-player (Critical)
    2015-01-27
    oval:com.ubuntu.precise:def:20150311000
    V
    		CVE-2015-0311 on Ubuntu 12.04 LTS (precise) - medium.
    2015-01-23
    oval:com.ubuntu.trusty:def:20150311000
    V
    		CVE-2015-0311 on Ubuntu 14.04 LTS (trusty) - medium.
    2015-01-23
    BACK
    adobe flash player *
    linux linux kernel -
    adobe flash player *
    adobe flash player 14.0.0.125
    adobe flash player 14.0.0.145
    adobe flash player 14.0.0.176
    adobe flash player 14.0.0.179
    adobe flash player 15.0.0.152
    adobe flash player 15.0.0.167
    adobe flash player 15.0.0.189
    adobe flash player 15.0.0.223
    adobe flash player 15.0.0.239
    adobe flash player 15.0.0.246
    adobe flash player 16.0.0.235
    adobe flash player 16.0.0.257
    adobe flash player 16.0.0.287
    apple mac os x -
    microsoft windows -
    adobe flash player 16.0.0.287
    adobe flash player 16.0.0.287
    adobe flash player 13.0.0.262
    redhat enterprise linux server supplementary 6
    redhat enterprise linux workstation supplementary 6
    redhat enterprise linux desktop supplementary 6