Vulnerability Details: CVE-2015-0311
Public exploit exists!
Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.
Vulnerability category: Execute code
CVE-2015-0311 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name: Adobe Flash Player Remote Code Execution Vulnerability
CISA required action: The impacted product is end-of-life and should be disconnected if still in use.
CISA description: Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code.
Added on: 2022-04-13
Action due date: 2022-05-04
Exploit prediction scoring system (EPSS) score for CVE-2015-0311
Probability of exploitation activity in the next 30 days: 97.28%
Percentile, the proportion of vulnerabilities that are scored at or less: ~100%
Metasploit modules for CVE-2015-0311
- Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free
  Disclosure Date: 2014-04-28
  First seen: 2020-04-26
  exploit/multi/browser/adobe_flash_uncompress_zlib_uaf
  This module exploits a use after free vulnerability in Adobe Flash Player. The vulnerability occurs in the ByteArray::UncompressViaZlibVariant method, when trying to uncompress() a malformed byte stream. This module has been tested successfully on: * Windows
CVSS scores for CVE-2015-0311
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
References for CVE-2015-0311
- http://security.gentoo.org/glsa/glsa-201502-02.xml
  Adobe Flash Player: Multiple vulnerabilities (GLSA 201502-02) — Gentoo security
- https://technet.microsoft.com/library/security/2755801
  Microsoft Security Advisory 2755801 | Microsoft Docs
- http://www.securityfocus.com/bid/72283
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00031.html
- http://helpx.adobe.com/security/products/flash-player/apsa15-01.html
  Adobe Security Bulletin (Patch; Vendor Advisory)
- http://helpx.adobe.com/security/products/flash-player/apsb15-03.html
  Adobe Security Bulletin
- http://www.securitytracker.com/id/1031597
  Adobe Flash Player Use-After-Free Memory Error Lets Remote Users Execute Arbitrary Code - SecurityTracker
- http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html
  Unpatched Vulnerability (0day) in Flash Player is being exploited by Angler EK
Products affected by CVE-2015-0311
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*