Details of VAR-201505-0276

ID

VAR-201505-0276

CVE

CVE-2015-3081

TITLE

Adobe Flash Player and Adobe AIR In Internet Explorer Vulnerabilities that bypass protection mode protection mechanisms

Trust: 0.8

sources: JVNDB: JVNDB-2015-002610

DESCRIPTION

Race condition in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to bypass the Internet Explorer Protected Mode protection mechanism via unspecified vectors. Adobe Flash Player and AIR are prone to an unspecified security-bypass vulnerability. Attackers can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. A race condition vulnerability exists in several Adobe products. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201505-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Adobe Flash Player: Multiple vulnerabilities Date: May 31, 2015 Bugs: #549388 ID: 201505-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-plugins/adobe-flash < 11.2.202.460 >= 11.2.202.460 Description =========== Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.460" References ========== [ 1 ] CVE-2015-3044 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3044 [ 2 ] CVE-2015-3077 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3077 [ 3 ] CVE-2015-3078 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3078 [ 4 ] CVE-2015-3079 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3079 [ 5 ] CVE-2015-3080 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3080 [ 6 ] CVE-2015-3081 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3081 [ 7 ] CVE-2015-3082 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3082 [ 8 ] CVE-2015-3083 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3083 [ 9 ] CVE-2015-3084 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3084 [ 10 ] CVE-2015-3085 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3085 [ 11 ] CVE-2015-3086 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3086 [ 12 ] CVE-2015-3087 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3087 [ 13 ] CVE-2015-3088 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3088 [ 14 ] CVE-2015-3089 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3089 [ 15 ] CVE-2015-3090 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3090 [ 16 ] CVE-2015-3091 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3091 [ 17 ] CVE-2015-3092 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3092 [ 18 ] CVE-2015-3093 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3093 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201505-02 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.16

sources: NVD: CVE-2015-3081 // JVNDB: JVNDB-2015-002610 // BID: 74613 // VULHUB: VHN-81042 // VULMON: CVE-2015-3081 // PACKETSTORM: 132095

AFFECTED PRODUCTS

vendor:	adobe	model:	flash player	scope:	eq	version:	16.0.0.235	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	16.0.0.287	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	15.0.0.152	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	15.0.0.189	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	15.0.0.239	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	17.0.0.134	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	17.0.0.169	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	15.0.0.223	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	16.0.0.296	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	15.0.0.246	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	14.0.0.176	Trust: 1.0
vendor:	adobe	model:	air	scope:	lte	version:	17.0.0.144	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	14.0.0.125	Trust: 1.0
vendor:	adobe	model:	air sdk \& compiler	scope:	lte	version:	17.0.0.144	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lte	version:	13.0.0.264	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lte	version:	11.2.202.475	Trust: 1.0
vendor:	adobe	model:	air sdk	scope:	lte	version:	17.0.0.144	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	16.0.0.257	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	14.0.0.145	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	14.0.0.179	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	15.0.0.167	Trust: 1.0
vendor:	google	model:	chrome	scope:	lt	version:	42.0.2311.152 (windows/machintosh/linux)	Trust: 0.8
vendor:	adobe	model:	air	scope:	lt	version:	desktop runtime 17.0.0.172 (windows/macintosh)	Trust: 0.8
vendor:	adobe	model:	air sdk	scope:	lt	version:	& compiler 17.0.0.172 (windows/macintosh/android/ios)	Trust: 0.8
vendor:	adobe	model:	air sdk	scope:	lt	version:	17.0.0.172 (windows/macintosh/android/ios)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	11.2.202.460 (linux)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	17.0.0.188 (internet explorer 10/11)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	17.0.0.188 (windows/machintosh/linux edition chrome)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	desktop runtime 17.0.0.188 (windows/macintosh)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	continuous support release 13.0.0.289 (windows/macintosh)	Trust: 0.8
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	10 (windows 8/windows server 2012/windows rt)	Trust: 0.8
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	11 (windows 8.1/windows server 2012 r2/windows rt 8.1)	Trust: 0.8
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.53.64	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.51.66	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.452	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.3218	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.22.87	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.15.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.12.36	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.12.35	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.262	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.2460	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.152.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.151.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.124.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.48.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.47.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.45.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.31.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.289.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.283.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.280	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.28.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.277.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.262.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.260.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.246.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.159.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.155.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.115.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	8.0.35.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	8.0.34.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	8	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.73.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.70.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.69.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.68.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.67.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.66.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.61.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.60.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.53.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.24.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.19.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.14.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	6.0.79	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	6.0.21.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.235	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.233	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.229	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.228	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.223	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.8	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.112.61	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.9	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.8	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.5	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.63	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.62	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.55	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.228	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.0.1.152	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.2	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.25	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.23	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.22	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.21	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.5	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.4	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.10	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.34	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.26	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.23	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.22	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.16	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.14	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.159.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.157.51	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.156.12	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.28	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.27	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.25	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.24	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.18	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.13	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.153.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.33	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.32	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.21	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.95.2	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.95.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.92.8	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.92.10	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.85.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.82.76	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.52.15	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.52.14.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.106.16	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.105.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.102.65	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.102.64	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.42.34	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.32.18	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3.9130	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3.9120	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.2	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.1	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.2.0.2080	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.2.0.2070	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.1.0.4880	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.0	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7.1.1961	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7.1	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.6.19140	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.6.19120	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.6	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.5.1	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.2.12610	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.1	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.01	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.0	Trust: 0.3

sources: BID: 74613 // JVNDB: JVNDB-2015-002610 // CNNVD: CNNVD-201505-194 // NVD: CVE-2015-3081

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-3081
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-3081
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201505-194
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-81042
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2015-3081
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-3081
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-81042
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-81042 // VULMON: CVE-2015-3081 // JVNDB: JVNDB-2015-002610 // CNNVD: CNNVD-201505-194 // NVD: CVE-2015-3081

PROBLEMTYPE DATA

problemtype:

CWE-362

Trust: 1.9

sources: VULHUB: VHN-81042 // JVNDB: JVNDB-2015-002610 // NVD: CVE-2015-3081

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 132095 // CNNVD: CNNVD-201505-194

TYPE

competitive condition

Trust: 0.6

sources: CNNVD: CNNVD-201505-194

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002610

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-81042 // VULMON: CVE-2015-3081

PATCH

title:	APSB15-09	url:	http://helpx.adobe.com/security/products/flash-player/apsb15-09.html	Trust: 0.8
title:	APSB15-09	url:	http://helpx.adobe.com/jp/security/products/flash-player/apsb15-09.html	Trust: 0.8
title:	Google Chrome	url:	https://www.google.com/intl/ja/chrome/browser/features.html	Trust: 0.8
title:	Stable Channel Update	url:	http://googlechromereleases.blogspot.jp/2015/05/stable-channel-update.html	Trust: 0.8
title:	Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801)	url:	https://technet.microsoft.com/en-us/library/security/2755801	Trust: 0.8
title:	Internet Explorer 上の Adobe Flash Player の脆弱性に対応する更新プログラム (2755801)	url:	https://technet.microsoft.com/ja-jp/library/security/2755801	Trust: 0.8
title:	アドビシステムズ社 Adobe Flash Player の脆弱性に関するお知らせ	url:	http://www.fmworld.net/biz/common/adobe/20150514f.html	Trust: 0.8
title:	CVE-Study	url:	https://github.com/thdusdl1219/CVE-Study	Trust: 0.1

sources: VULMON: CVE-2015-3081 // JVNDB: JVNDB-2015-002610

EXTERNAL IDS

db:	NVD	id:	CVE-2015-3081	Trust: 3.0
db:	BID	id:	74613	Trust: 1.5
db:	EXPLOIT-DB	id:	37842	Trust: 1.2
db:	SECTRACK	id:	1032285	Trust: 1.2
db:	JVNDB	id:	JVNDB-2015-002610	Trust: 0.8
db:	CNNVD	id:	CNNVD-201505-194	Trust: 0.7
db:	PACKETSTORM	id:	133169	Trust: 0.1
db:	PACKETSTORM	id:	133159	Trust: 0.1
db:	VULHUB	id:	VHN-81042	Trust: 0.1
db:	VULMON	id:	CVE-2015-3081	Trust: 0.1
db:	PACKETSTORM	id:	132095	Trust: 0.1

sources: VULHUB: VHN-81042 // VULMON: CVE-2015-3081 // BID: 74613 // JVNDB: JVNDB-2015-002610 // PACKETSTORM: 132095 // CNNVD: CNNVD-201505-194 // NVD: CVE-2015-3081

REFERENCES

url:	https://helpx.adobe.com/security/products/flash-player/apsb15-09.html	Trust: 1.8
url:	https://www.exploit-db.com/exploits/37842/	Trust: 1.3
url:	https://security.gentoo.org/glsa/201505-02	Trust: 1.3
url:	http://www.securityfocus.com/bid/74613	Trust: 1.2
url:	http://www.securitytracker.com/id/1032285	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3081	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20150513-adobeflashplayer.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2015/at150013.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3081	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics/?seq=16277	Trust: 0.8
url:	http://www.adobe.com	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/362.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39022	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3088	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3077	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3081	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3084	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3084	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3089	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3091	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3080	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3086	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3082	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3087	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3082	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3078	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3089	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3090	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3087	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3079	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3092	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3083	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3080	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3093	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3083	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3091	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3085	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3085	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3044	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3079	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3086	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3077	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3044	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3093	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3090	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3092	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3088	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3081	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3078	Trust: 0.1

sources: VULHUB: VHN-81042 // VULMON: CVE-2015-3081 // BID: 74613 // JVNDB: JVNDB-2015-002610 // PACKETSTORM: 132095 // CNNVD: CNNVD-201505-194 // NVD: CVE-2015-3081

CREDITS

Jihui Lu of KeenTeam

Trust: 0.3

sources: BID: 74613

SOURCES

db:	VULHUB	id:	VHN-81042
db:	VULMON	id:	CVE-2015-3081
db:	BID	id:	74613
db:	JVNDB	id:	JVNDB-2015-002610
db:	PACKETSTORM	id:	132095
db:	CNNVD	id:	CNNVD-201505-194
db:	NVD	id:	CVE-2015-3081

LAST UPDATE DATE

2024-11-23T20:19:02.441000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-81042	date:	2017-09-17T00:00:00
db:	VULMON	id:	CVE-2015-3081	date:	2017-09-17T00:00:00
db:	BID	id:	74613	date:	2015-07-15T00:21:00
db:	JVNDB	id:	JVNDB-2015-002610	date:	2015-05-15T00:00:00
db:	CNNVD	id:	CNNVD-201505-194	date:	2015-05-14T00:00:00
db:	NVD	id:	CVE-2015-3081	date:	2024-11-21T02:28:37.843

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-81042	date:	2015-05-13T00:00:00
db:	VULMON	id:	CVE-2015-3081	date:	2015-05-13T00:00:00
db:	BID	id:	74613	date:	2015-05-12T00:00:00
db:	JVNDB	id:	JVNDB-2015-002610	date:	2015-05-15T00:00:00
db:	PACKETSTORM	id:	132095	date:	2015-06-01T23:39:55
db:	CNNVD	id:	CNNVD-201505-194	date:	2015-05-14T00:00:00
db:	NVD	id:	CVE-2015-3081	date:	2015-05-13T11:00:13.563