Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042.
Published 2015-04-14 22:59:21
Updated 2018-10-30 16:27:36
View at NVD,   CVE.org
Vulnerability category: Memory CorruptionExecute codeDenial of service

CVE-2015-3043 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:
Adobe Flash Player Memory Corruption Vulnerability
CISA required action:
The impacted product is end-of-life and should be disconnected if still in use.
CISA description:
A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution.
Added on 2022-03-03 Action due date 2022-03-24

Exploit prediction scoring system (EPSS) score for CVE-2015-3043

Probability of exploitation activity in the next 30 days: 2.53%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 90 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2015-3043

  • Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow
    Disclosure Date: 2015-06-23
    First seen: 2020-04-26
    exploit/multi/browser/adobe_flash_nellymoser_bof
    This module exploits a buffer overflow on Adobe Flash Player when handling nellymoser encoded audio inside a FLV video, as exploited in the wild on June 2015. This module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.160,

CVSS scores for CVE-2015-3043

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source
10.0
HIGH AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
NIST

References for CVE-2015-3043

Products affected by CVE-2015-3043

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!