CVE-2015-0301

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2015-0301
Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 do not properly validate files, which has unspecified impact and attack vectors.

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://helpx.adobe.com/security/products/flash-player/apsb15-01.html Vendor Advisory
http://secunia.com/advisories/62177
http://secunia.com/advisories/62187
http://secunia.com/advisories/62252
http://secunia.com/advisories/62371
http://secunia.com/advisories/62740
http://security.gentoo.org/glsa/glsa-201502-02.xml
http://www.securityfocus.com/bid/72034
http://www.securitytracker.com/id/1031525
https://exchange.xforce.ibmcloud.com/vulnerabilities/99981
Configurations

Configuration 1 (hide)

cpe:2.3:a:adobe:adobe_air_sdk_and_compiler:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:android:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:adobe:adobe_air:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:adobe:adobe_air_sdk:*:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:a:adobe:flash_player:11.2.202.425:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
OR cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:15.0.0.144:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:15.0.0.238:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:16.0.0.234:*:*:*:*:*:*:*
cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*
History

No history.

Information

Published : 2015-01-13 23:59

Updated : 2024-02-04 18:35

NVD link : CVE-2015-0301

Mitre link : CVE-2015-0301

CVE.ORG link : CVE-2015-0301

JSON object : View

Products Affected

microsoft

  • windows

adobe

  • adobe_air_sdk
  • adobe_air
  • adobe_air_sdk_and_compiler
  • flash_player

linux

  • linux_kernel

apple

  • mac_os_x
CWE
CWE-20

Improper Input Validation