Vulnerability Details: CVE-2015-3113
Public exploit exists!
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.
Vulnerability category: Overflow, Execute code
CVE-2015-3113 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name: Adobe Flash Player Heap-Based Buffer Overflow Vulnerability
CISA required action: The impacted product is end-of-life and should be disconnected if still in use.
CISA description: Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code.
Added on: 2022-04-13
Action due date: 2022-05-04
Exploit prediction scoring system (EPSS) score for CVE-2015-3113
Probability of exploitation activity in the next 30 days: 96.10%
Percentile, the proportion of vulnerabilities that are scored at or less: ~99%
Metasploit modules for CVE-2015-3113
- Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow
  Disclosure Date: 2015-06-23
  First seen: 2020-04-26
  exploit/multi/browser/adobe_flash_nellymoser_bof
  This module exploits a buffer overflow on Adobe Flash Player when handling nellymoser encoded audio inside a FLV video, as exploited in the wild on June 2015. This module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.160,
CVSS scores for CVE-2015-3113
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
CWE ids for CVE-2015-3113
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-3113
- http://www.securityfocus.com/bid/75371
  Adobe Flash Player CVE-2015-3113 Unspecified Heap Buffer Overflow Vulnerability
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467
  HPSBHF03538 rev.1 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Remote Code Execution, Denial of Service (DoS)
- https://bugzilla.suse.com/show_bug.cgi?id=935701
  Bug 935701 – VUL-0: CVE-2015-3113: flash-player: 11.2.202.468 release
- https://helpx.adobe.com/security/products/flash-player/apsb15-14.html
  Adobe Security Bulletin (Patch; Vendor Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00002.html
  [security-announce] openSUSE-SU-2015:1180-1: important: Security update
- https://www.suse.com/security/cve/CVE-2015-3113.html
  CVE-2015-3113 | SUSE
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00025.html
  [security-announce] openSUSE-SU-2015:1148-1: important: Security update
- https://security.gentoo.org/glsa/201507-13
  Adobe Flash Player: Multiple vulnerabilities (GLSA 201507-13) — Gentoo security
- http://rhn.redhat.com/errata/RHSA-2015-1184.html
  RHSA-2015:1184 - Security Advisory - Red Hat Customer Portal
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00020.html
  [security-announce] SUSE-SU-2015:1136-1: important: Security update for
- http://marc.info/?l=bugtraq&m=144050155601375&w=2
  '[security bulletin] HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities' - MARC
- https://bugzilla.redhat.com/show_bug.cgi?id=1235036
  1235036 – (CVE-2015-3113) CVE-2015-3113 flash-plugin: code execution issue fixed in APSB15-14
- http://www.securitytracker.com/id/1032696
  Adobe Flash Player Heap Overflow Lets Remote Users Execute Arbitrary Code - SecurityTracker
Products affected by CVE-2015-3113
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.188:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:18.0.0.161:*:*:*:*:*:*:*