| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 7.0 | $0-$5k | 0.00 |
Summary
A vulnerability labeled as problematic has been found in Adobe Flash Player up to 16.0.0.257. This issue affects some unknown processing of the component ASLR. The manipulation results in access control. This vulnerability is known as CVE-2015-0310. Furthermore, an exploit is available. The affected component should be upgraded.
Details
A vulnerability was found in Adobe Flash Player up to 16.0.0.257 (Multimedia Player Software). It has been classified as critical. Affected is an unknown part of the component ASLR. The manipulation with an unknown input leads to a access control vulnerability. CWE is classifying the issue as CWE-264. This is going to have an impact on confidentiality, integrity, and availability.
The weakness was published 01/22/2015 by Yang DingningTimo Hirvonen and Kafeine as apsb15-02 as confirmed advisory (Website) via Chromium Vulnerability Rewards Program. The advisory is shared for download at helpx.adobe.com. This vulnerability is traded as CVE-2015-0310 since 12/01/2014. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. Technical details are unknown but an exploit is available. The MITRE ATT&CK project declares the attack technique as T1068.
It is declared as attacked. The vulnerability scanner Nessus provides a plugin with the ID 80984 (openSUSE Security Update : flash-player (openSUSE-SU-2015:0110-1)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family SuSE Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 167516 (OpenSuSE Security Update for flash-player (openSUSE-SU-2015:0174-1)). This issue was added on 05/25/2022 to the CISA Known Exploited Vulnerabilities Catalog with a due date of 06/15/2022:
The impacted product is end-of-life and should be disconnected if still in use.Upgrading to version 16.0.0.287 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 19288.
The vulnerability is also documented in the databases at Zero-Day.cz (172), Tenable (80984), SecurityFocus (BID 72261†), Secunia (SA62452†) and SecurityTracker (ID 1031609†). Similar entry is available at VDB-68818. VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Type
Vendor
Name
Version
License
Support
Website
- Vendor: https://www.adobe.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.3VulDB Meta Temp Score: 7.0
VulDB Base Score: 7.3
VulDB Temp Score: 7.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Access controlCWE: CWE-264
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Attacked
EPSS Score: 🔍
EPSS Percentile: 🔍
KEV Added: 🔍
KEV Due: 🔍
KEV Remediation: 🔍
KEV Ransomware: 🔍
KEV Notice: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 80984
Nessus Name: openSUSE Security Update : flash-player (openSUSE-SU-2015:0110-1)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Port: 🔍
OpenVAS ID: 802940
OpenVAS Name: Adobe Flash Player Unspecified Memory Corruption Vulnerability - Jan15 (Windows)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Zero-Day.cz: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: Flash Player 16.0.0.287
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
ISS Proventia IPS: 🔍
Fortigate IPS: 🔍
Timeline
12/01/2014 🔍01/21/2015 🔍
01/22/2015 🔍
01/22/2015 🔍
01/22/2015 🔍
01/22/2015 🔍
01/23/2015 🔍
01/23/2015 🔍
01/25/2015 🔍
01/26/2015 🔍
01/06/2025 🔍
Sources
Vendor: adobe.comAdvisory: apsb15-02
Researcher: Yang DingningTimo Hirvonen, Kafeine
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2015-0310 (🔍)
GCVE (CVE): GCVE-0-2015-0310
GCVE (VulDB): GCVE-100-68820
OVAL: 🔍
SecurityFocus: 72261
Secunia: 62452 - Adobe Flash Player Memory Randomization Security Bypass Vulnerability, Highly Critical
SecurityTracker: 1031609 - Adobe Flash Player Memory Leak Lets Remote Users Bypass Address Randomization
Vulnerability Center: 48218 - [APSB15-02] Adobe Flash Player and ESR Remote Code Execution Vulnerability - CVE-2015-0310, Critical
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 01/25/2015 23:35Updated: 01/06/2025 21:33
Changes: 01/25/2015 23:35 (80), 06/18/2017 09:32 (11), 03/05/2022 21:12 (3), 03/05/2022 21:20 (1), 04/26/2024 16:36 (26), 07/10/2024 12:52 (2), 09/09/2024 22:30 (1), 01/06/2025 21:33 (1)
Complete: 🔍
Cache ID: 216:3D6:103
No comments yet. Languages: en.
Please log in to comment.