Vulnerability Details : CVE-2015-3105
Public exploit exists!
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Vulnerability category: OverflowMemory CorruptionExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2015-3105
Probability of exploitation activity in the next 30 days: 97.38%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ
Metasploit modules for CVE-2015-3105
-
Adobe Flash Player Drawing Fill Shader Memory Corruption
Disclosure Date: 2015-05-12First seen: 2020-04-26exploit/multi/browser/adobe_flash_shader_drawing_fillThis module exploits a memory corruption happening when applying a Shader as a drawing fill as exploited in the wild on June 2015. This module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 17.0.0.188, Windows 7 SP1 (32-bit), Firefox 3
CVSS scores for CVE-2015-3105
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2015-3105
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-3105
-
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00011.html
[security-announce] openSUSE-SU-2015:1061-1: important: Security update
-
http://rhn.redhat.com/errata/RHSA-2015-1086.html
RHSA-2015:1086 - Security Advisory - Red Hat Customer Portal
-
https://helpx.adobe.com/security/products/flash-player/apsb15-11.html
Adobe Security BulletinPatch;Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00009.html
[security-announce] openSUSE-SU-2015:1047-1: important: Security update
-
http://www.securityfocus.com/bid/75086
Adobe Flash Player and AIR CVE-2015-3105 Unspecified Memory Corruption Vulnerability
-
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00005.html
[security-announce] SUSE-SU-2015:1043-1: important: Security update for
-
https://security.gentoo.org/glsa/201506-01
Adobe Flash Player: Multiple vulnerabilities (GLSA 201506-01) — Gentoo security
-
http://www.securitytracker.com/id/1032519
Adobe Flash Player Multiple Bugs Let Remote Users Bypass ASLR, Obtain Potentially Sensitive Information, and Execute Arbitrary Code - SecurityTracker
Products affected by CVE-2015-3105
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.188:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:*:*:*:*:*:*:*:*