Vulnerability Name:

CVE-2015-0331 (CCN-101035)

Assigned:2014-12-01
Published:2015-02-04
Updated:2017-01-03
Summary:Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.

CWE-416: Use After Free
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2015-0331

Source: CCN
Type: Google Chrome Releases Web site
Beta Channel Update

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2015:0725

Source: BID
Type: UNKNOWN
72698

Source: CCN
Type: BID-72698
Adobe Flash Player CVE-2015-0331 Use After Free Remote Code Execution Vulnerability

Source: XF
Type: UNKNOWN
adobe-flash-playlist-code-exec(101035)

Source: CCN
Type: Adobe Security Bulletin APSB15-04
Security updates available for Adobe Flash Player

Source: CONFIRM
Type: Patch, Vendor Advisory
https://helpx.adobe.com/security/products/flash-player/apsb15-04.html

Source: CCN
Type: Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer

Source: CCN
Type: ZDI-15-047
Adobe Flash HLS Playlist Use-After-Free Remote Code Execution Vulnerability

Vulnerable Configuration:Configuration 1:
  • cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version <= 13.0.0.264)
  • OR cpe:/a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
  • OR cpe:/a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
  • AND
  • cpe:/o:apple:mac_os_x:-:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:-:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/a:adobe:flash_player:*:*:*:*:*:*:*:* (Version <= 11.2.202.440)
  • AND
  • cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/a:redhat:rhel_extras:5:*:*:*:*:*:*:*

  • Configuration RedHat 2:
  • cpe:/a:redhat:rhel_extras:6:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:52002
    P
    Security update for haproxy (Critical)
    2023-02-14
    oval:org.opensuse.security:def:5302
    P
    Security update for postgresql12 (Important) (in QA)
    2022-08-31
    oval:org.opensuse.security:def:5335
    P
    Security update for postgresql10 (Important)
    2022-08-26
    oval:org.opensuse.security:def:5277
    P
    Security update for the Linux Kernel (Important)
    2022-06-20
    oval:org.opensuse.security:def:20150331
    V
    CVE-2015-0331
    2022-05-20
    oval:org.opensuse.security:def:6026
    P
    Security update for xen (Moderate)
    2022-05-03
    oval:org.opensuse.security:def:5366
    P
    Security update for flac (Moderate)
    2022-03-14
    oval:org.opensuse.security:def:5353
    P
    Security update for php72 (Moderate)
    2022-02-25
    oval:org.opensuse.security:def:5344
    P
    Security update for xen (Important)
    2022-02-17
    oval:org.opensuse.security:def:6004
    P
    Security update for MozillaFirefox (Important)
    2022-01-18
    oval:org.opensuse.security:def:10711
    P
    Security update for MozillaThunderbird (Important)
    2022-01-12
    oval:org.opensuse.security:def:5168
    P
    Security update for mozilla-nss (Important)
    2021-12-06
    oval:org.opensuse.security:def:5121
    P
    Security update for the Linux Kernel (Important)
    2021-09-23
    oval:org.opensuse.security:def:10692
    P
    Security update for ffmpeg (Important)
    2021-09-02
    oval:org.opensuse.security:def:5075
    P
    Security update for the Linux Kernel (Important)
    2021-07-14
    oval:org.opensuse.security:def:48718
    P
    flash-player-11.2.202.548-111.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11534
    P
    flash-player-11.2.202.548-111.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11513
    P
    cups-pk-helper-0.2.5-3.75 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:11535
    P
    freerdp-1.0.2-7.9 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:17049
    P
    flash-player-11.2.202.548-111.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:76830
    P
    flash-player-11.2.202.548-111.1 on GA media (Moderate)
    2021-06-08
    oval:org.opensuse.security:def:5053
    P
    Security update for gstreamer-plugins-bad (Important)
    2021-06-07
    oval:org.opensuse.security:def:10677
    P
    Security update for MozillaThunderbird (Moderate)
    2021-06-04
    oval:org.opensuse.security:def:51896
    P
    Security update for djvulibre (Important)
    2021-05-31
    oval:org.opensuse.security:def:5045
    P
    Security update for postgresql10 (Moderate)
    2021-05-27
    oval:org.opensuse.security:def:38103
    P
    Security update for clamav (Important)
    2021-04-14
    oval:org.opensuse.security:def:5202
    P
    Security update for openssl-1_1 (Important)
    2021-03-25
    oval:org.opensuse.security:def:5183
    P
    Security update for ImageMagick (Moderate)
    2021-02-19
    oval:org.opensuse.security:def:51723
    P
    Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)
    2021-02-10
    oval:org.opensuse.security:def:51485
    P
    Security update for cyrus-sasl (Important)
    2020-12-28
    oval:org.opensuse.security:def:10584
    P
    Security update for MozillaThunderbird (Important)
    2020-12-07
    oval:org.opensuse.security:def:37587
    P
    libspice-server1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10853
    P
    systemtap-sdt-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37355
    P
    xalan-j2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10811
    P
    libxcb-composite0 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52168
    P
    Security update for java-11-openjdk (Important)
    2020-12-01
    oval:org.opensuse.security:def:38894
    P
    flash-player on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37688
    P
    sysvinit-tools on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10862
    P
    xfig on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10562
    P
    libwmf-0_2-7 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52653
    P
    Security update for the Linux Kernel (Live Patch 2 for SLE 15) (Important)
    2020-12-01
    oval:org.opensuse.security:def:52453
    P
    Security update for tiff (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37745
    P
    busybox on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10875
    P
    aaa_base-malloccheck on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52727
    P
    Security update for the Linux Kernel (Live Patch 9 for SLE 15) (Important)
    2020-12-01
    oval:org.opensuse.security:def:51323
    P
    Security update for vim (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52561
    P
    Security update for the Linux Kernel (Important)
    2020-12-01
    oval:org.opensuse.security:def:37835
    P
    krb5-appl-clients on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10630
    P
    Security update for xorg-x11-server (Important)
    2020-12-01
    oval:org.opensuse.security:def:52765
    P
    Security update for the Linux Kernel (Live Patch 15 for SLE 15) (Important)
    2020-12-01
    oval:org.opensuse.security:def:51345
    P
    Security update for freetype2 (Important)
    2020-12-01
    oval:org.opensuse.security:def:10554
    P
    libtiff-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37995
    P
    libz1 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:52846
    P
    Security update for the Linux Kernel (Live Patch 11 for SLE 15 SP1) (Important)
    2020-12-01
    oval:org.opensuse.security:def:38142
    P
    bubblewrap on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37356
    P
    xdg-utils on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38054
    P
    rrdtool on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:54122
    P
    squashfs on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38170
    P
    dovecot22 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37367
    P
    yast2-core on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:51322
    P
    Security update for jasper (Low)
    2020-12-01
    oval:org.opensuse.security:def:54196
    P
    flash-player on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38214
    P
    gv on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:37451
    P
    grub2 on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:10786
    P
    librsvg-devel on GA media (Moderate)
    2020-12-01
    oval:org.opensuse.security:def:38852
    P
    gnome-shell-calendar on GA media (Moderate)
    2020-12-01
    oval:com.ubuntu.precise:def:20150331000
    V
    CVE-2015-0331 on Ubuntu 12.04 LTS (precise) - medium.
    2015-02-21
    oval:com.ubuntu.trusty:def:20150331000
    V
    CVE-2015-0331 on Ubuntu 14.04 LTS (trusty) - medium.
    2015-02-21
    oval:com.redhat.rhsa:def:20150140
    P
    RHSA-2015:0140: flash-plugin security update (Critical)
    2015-02-06
    BACK
    adobe flash player *
    adobe flash player 14.0.0.125
    adobe flash player 14.0.0.145
    adobe flash player 14.0.0.176
    adobe flash player 14.0.0.179
    adobe flash player 15.0.0.152
    adobe flash player 15.0.0.167
    adobe flash player 15.0.0.189
    adobe flash player 15.0.0.223
    adobe flash player 15.0.0.239
    adobe flash player 15.0.0.246
    adobe flash player 16.0.0.235
    adobe flash player 16.0.0.257
    adobe flash player 16.0.0.287
    adobe flash player 16.0.0.296
    apple mac os x -
    microsoft windows -
    adobe flash player *
    linux linux kernel -