Details of VAR-201506-0074

ID

VAR-201506-0074

CVE

CVE-2015-3108

TITLE

Adobe Flash Player and Adobe AIR In ASLR Vulnerabilities that circumvent protection mechanisms

Trust: 0.8

sources: JVNDB: JVNDB-2015-002989

DESCRIPTION

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors. Adobe Flash Player and Adobe AIR Does not properly limit memory address detection, ASLR A vulnerability exists that bypasses the protection mechanism.By the attacker, ASLR Protection mechanisms may be bypassed. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Attackers can exploit this vulnerability to bypass the established ASLR protection mechanism and take control of the affected system. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2015:1086-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1086.html Issue date: 2015-06-10 CVE Names: CVE-2015-3096 CVE-2015-3098 CVE-2015-3099 CVE-2015-3100 CVE-2015-3102 CVE-2015-3103 CVE-2015-3104 CVE-2015-3105 CVE-2015-3106 CVE-2015-3107 CVE-2015-3108 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-11 listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2015-3100, CVE-2015-3103, CVE-2015-3104, CVE-2015-3105, CVE-2015-3106, CVE-2015-3107) Multiple security bypass flaws were found in flash-plugin that could lead to the disclosure of sensitive information. (CVE-2015-3096, CVE-2015-3098, CVE-2015-3099, CVE-2015-3102) A memory information leak flaw was found in flash-plugin that could allow an attacker to potentially bypass ASLR (Address Space Layout Randomization) protection, and make it easier to exploit other flaws. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1229879 - CVE-2015-3100 CVE-2015-3103 CVE-2015-3104 CVE-2015-3105 CVE-2015-3106 CVE-2015-3107 flash-plugin: multiple code execution issues fixed in APSB15-11 1230185 - CVE-2015-3096 flash-plugin: cross-site request forgery against JSONP endpoints fixed in APSB15-11 (incomplete fix for CVE-2014-5333) 1230189 - CVE-2015-3098 CVE-2015-3099 CVE-2015-3102 flash-plugin: same-origin-policy bypass fixed in APSB15-11 1230201 - CVE-2015-3108 flash-plugin: information leak leading to ASLR bypass (APSB15-11) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.466-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.466-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.466-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.466-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.466-1.el6_6.i686.rpm x86_64: flash-plugin-11.2.202.466-1.el6_6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.466-1.el6_6.i686.rpm x86_64: flash-plugin-11.2.202.466-1.el6_6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.466-1.el6_6.i686.rpm x86_64: flash-plugin-11.2.202.466-1.el6_6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-3096 https://access.redhat.com/security/cve/CVE-2015-3098 https://access.redhat.com/security/cve/CVE-2015-3099 https://access.redhat.com/security/cve/CVE-2015-3100 https://access.redhat.com/security/cve/CVE-2015-3102 https://access.redhat.com/security/cve/CVE-2015-3103 https://access.redhat.com/security/cve/CVE-2015-3104 https://access.redhat.com/security/cve/CVE-2015-3105 https://access.redhat.com/security/cve/CVE-2015-3106 https://access.redhat.com/security/cve/CVE-2015-3107 https://access.redhat.com/security/cve/CVE-2015-3108 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb15-11.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVeE7EXlSAg2UNWIIRAlOpAJ9RuYMo4MW/E5iT60nzKf7DrOrZjwCgoZXa u416jfOUFziDYbxIZyHYjaI= =EMNe -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.466" References ========== [ 1 ] CVE-2015-3096 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3096 [ 2 ] CVE-2015-3097 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3097 [ 3 ] CVE-2015-3098 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3098 [ 4 ] CVE-2015-3099 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3099 [ 5 ] CVE-2015-3100 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3100 [ 6 ] CVE-2015-3101 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3101 [ 7 ] CVE-2015-3102 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3102 [ 8 ] CVE-2015-3103 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3103 [ 9 ] CVE-2015-3104 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3104 [ 10 ] CVE-2015-3105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3105 [ 11 ] CVE-2015-3106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3106 [ 12 ] CVE-2015-3107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3107 [ 13 ] CVE-2015-3108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3108 [ 14 ] CVE-2015-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4472 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201506-01 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.25

sources: NVD: CVE-2015-3108 // JVNDB: JVNDB-2015-002989 // BID: 75084 // VULHUB: VHN-81069 // VULMON: CVE-2015-3108 // PACKETSTORM: 132252 // PACKETSTORM: 132396

AFFECTED PRODUCTS

vendor:	adobe	model:	flash player	scope:	eq	version:	14.0.0.145	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	14.0.0.125	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	14.0.0.176	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	14.0.0.179	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	16.0.0.287	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	16.0.0.296	Trust: 1.0
vendor:	adobe	model:	air	scope:	lte	version:	17.0.0.172	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	15.0.0.246	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	15.0.0.189	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	17.0.0.169	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	15.0.0.239	Trust: 1.0
vendor:	adobe	model:	air sdk \& compiler	scope:	lte	version:	17.0.0.172	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lte	version:	11.2.202.460	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lte	version:	13.0.0.289	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	15.0.0.223	Trust: 1.0
vendor:	adobe	model:	air	scope:	lte	version:	17.0.0.144	Trust: 1.0
vendor:	adobe	model:	air sdk	scope:	lte	version:	17.0.0.172	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	*	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	17.0.0.188	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	17.0.0.134	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	15.0.0.152	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	16.0.0.257	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	16.0.0.235	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	15.0.0.167	Trust: 1.0
vendor:	google	model:	chrome	scope:	lt	version:	43.0.2357.124 (windows/machintosh/linux)	Trust: 0.8
vendor:	adobe	model:	air	scope:	lt	version:	18.0.0.143 (android)	Trust: 0.8
vendor:	adobe	model:	air	scope:	lt	version:	desktop runtime 18.0.0.143 (macintosh)	Trust: 0.8
vendor:	adobe	model:	air	scope:	lt	version:	desktop runtime 18.0.0.144 (windows)	Trust: 0.8
vendor:	adobe	model:	air sdk	scope:	lt	version:	18.0.0.143 (macintosh)	Trust: 0.8
vendor:	adobe	model:	air sdk	scope:	lt	version:	18.0.0.144 (windows)	Trust: 0.8
vendor:	adobe	model:	air sdk & compiler	scope:	lt	version:	18.0.0.143 (macintosh)	Trust: 0.8
vendor:	adobe	model:	air sdk & compiler	scope:	lt	version:	18.0.0.144 (windows)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	11.2.202.466 (linux)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	18.0.0.160 (internet explorer 10/11)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	18.0.0.160 (windows/linux edition chrome)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	18.0.0.161 (machintosh edition chrome)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	desktop runtime 18.0.0.160 (windows/macintosh)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	continuous support release 13.0.0.292 (windows/macintosh)	Trust: 0.8
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	10 (windows 8/windows server 2012/windows rt)	Trust: 0.8
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	11 (windows 8.1/windows server 2012 r2/windows rt 8.1)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.460	Trust: 0.6
vendor:	adobe	model:	air sdk	scope:	eq	version:	17.0.0.172	Trust: 0.6
vendor:	adobe	model:	air sdk \& compiler	scope:	eq	version:	17.0.0.172	Trust: 0.6
vendor:	adobe	model:	air	scope:	eq	version:	17.0.0.144	Trust: 0.6
vendor:	adobe	model:	flash player	scope:	eq	version:	13.0.0.289	Trust: 0.6
vendor:	adobe	model:	air	scope:	eq	version:	17.0.0.172	Trust: 0.6
vendor:	red	model:	hat enterprise linux workstation supplementary	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux supplementary server	scope:	eq	version:	5	Trust: 0.3
vendor:	red	model:	hat enterprise linux server supplementary	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux desktop supplementary	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux desktop supplementary client	scope:	eq	version:	5	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.53.64	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.51.66	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.452	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.3218	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.22.87	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.15.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.12.36	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.12.35	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.262	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.2460	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.152.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.151.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.124.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.48.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.47.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.45.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.31.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.289.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.283.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.280	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.28.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.277.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.262.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.260.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.246.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.159.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.155.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.115.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	8.0.35.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	8.0.34.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	8	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.73.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.70.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.69.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.68.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.67.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.66.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.61.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.60.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.53.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.24.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.19.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.14.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	6.0.79	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	6.0.21.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.235	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.233	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.229	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.228	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.223	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.8	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.112.61	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.9	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.8	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.5	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.63	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.62	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.55	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.228	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.0.1.152	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.2	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.25	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.23	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.22	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.21	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.5	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.4	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.10	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.34	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.26	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.23	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.22	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.16	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.14	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.159.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.157.51	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.156.12	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.28	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.27	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.25	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.24	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.18	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.13	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.153.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.33	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.32	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.21	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.95.2	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.95.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.92.8	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.92.10	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.85.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.82.76	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.52.15	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.52.14.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.106.16	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.105.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.102.65	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.102.64	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.42.34	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.32.18	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3.9130	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3.9120	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.2	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.1	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.2.0.2080	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.2.0.2070	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.1.0.4880	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.0	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7.1.1961	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7.1	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.6.19140	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.6.19120	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.6	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.5.1	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.2.12610	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.1	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.01	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.0	Trust: 0.3

sources: BID: 75084 // JVNDB: JVNDB-2015-002989 // CNNVD: CNNVD-201506-191 // NVD: CVE-2015-3108

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-3108
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-3108
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201506-191
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-81069
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2015-3108
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-3108
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-81069
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-81069 // VULMON: CVE-2015-3108 // JVNDB: JVNDB-2015-002989 // CNNVD: CNNVD-201506-191 // NVD: CVE-2015-3108

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-81069 // JVNDB: JVNDB-2015-002989 // NVD: CVE-2015-3108

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 132396 // CNNVD: CNNVD-201506-191

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201506-191

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002989

PATCH

title:	APSB15-11	url:	http://helpx.adobe.com/security/products/flash-player/apsb15-11.html	Trust: 0.8
title:	APSB15-11	url:	http://helpx.adobe.com/jp/security/products/flash-player/apsb15-11.html	Trust: 0.8
title:	Google Chrome	url:	https://www.google.com/intl/ja/chrome/browser/features.html	Trust: 0.8
title:	Stable Channel Update	url:	http://googlechromereleases.blogspot.jp/2015/06/stable-channel-update.html	Trust: 0.8
title:	Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801)	url:	https://technet.microsoft.com/en-us/library/security/2755801	Trust: 0.8
title:	Internet Explorer 上の Adobe Flash Player の脆弱性に対応する更新プログラム (2755801)	url:	https://technet.microsoft.com/ja-jp/library/security/2755801	Trust: 0.8
title:	アドビシステムズ社 Adobe Flash Player の脆弱性に関するお知らせ	url:	http://www.fmworld.net/biz/common/adobe/20150611f.html	Trust: 0.8
title:	Red Hat: CVE-2015-3108	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-3108	Trust: 0.1
title:	CVE-Study	url:	https://github.com/thdusdl1219/CVE-Study	Trust: 0.1

sources: VULMON: CVE-2015-3108 // JVNDB: JVNDB-2015-002989

EXTERNAL IDS

db:	NVD	id:	CVE-2015-3108	Trust: 3.1
db:	BID	id:	75084	Trust: 1.5
db:	SECTRACK	id:	1032519	Trust: 1.2
db:	JVNDB	id:	JVNDB-2015-002989	Trust: 0.8
db:	CNNVD	id:	CNNVD-201506-191	Trust: 0.7
db:	VULHUB	id:	VHN-81069	Trust: 0.1
db:	VULMON	id:	CVE-2015-3108	Trust: 0.1
db:	PACKETSTORM	id:	132252	Trust: 0.1
db:	PACKETSTORM	id:	132396	Trust: 0.1

sources: VULHUB: VHN-81069 // VULMON: CVE-2015-3108 // BID: 75084 // JVNDB: JVNDB-2015-002989 // PACKETSTORM: 132252 // PACKETSTORM: 132396 // CNNVD: CNNVD-201506-191 // NVD: CVE-2015-3108

REFERENCES

url:	https://helpx.adobe.com/security/products/flash-player/apsb15-11.html	Trust: 1.9
url:	http://www.securityfocus.com/bid/75084	Trust: 1.3
url:	https://security.gentoo.org/glsa/201506-01	Trust: 1.3
url:	http://rhn.redhat.com/errata/rhsa-2015-1086.html	Trust: 1.3
url:	http://www.securitytracker.com/id/1032519	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00005.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00009.html	Trust: 1.2
url:	http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00011.html	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3108	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20150610-adobeflashplayer.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2015/at150017.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3108	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics/?seq=16444	Trust: 0.8
url:	http://www.adobe.com	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3102	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3096	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3103	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3099	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3107	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3106	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3104	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3105	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3108	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3098	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3100	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39526	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-3099	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#critical	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-3106	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-3100	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-3096	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-3103	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-3107	Trust: 0.1
url:	https://access.redhat.com/articles/11258	Trust: 0.1
url:	https://access.redhat.com/security/team/contact/	Trust: 0.1
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-3104	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-3098	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-3108	Trust: 0.1
url:	https://bugzilla.redhat.com/):	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-3105	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-3102	Trust: 0.1
url:	https://access.redhat.com/security/team/key/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3108	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4472	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3106	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3101	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3101	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3096	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3105	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3097	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3103	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3102	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3107	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3100	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3097	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3098	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3099	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3104	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4472	Trust: 0.1

CREDITS

Chris Evans of Google Project Zero

Trust: 0.3

sources: BID: 75084

SOURCES

db:	VULHUB	id:	VHN-81069
db:	VULMON	id:	CVE-2015-3108
db:	BID	id:	75084
db:	JVNDB	id:	JVNDB-2015-002989
db:	PACKETSTORM	id:	132252
db:	PACKETSTORM	id:	132396
db:	CNNVD	id:	CNNVD-201506-191
db:	NVD	id:	CVE-2015-3108

LAST UPDATE DATE

2024-11-23T19:43:07.097000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-81069	date:	2016-12-31T00:00:00
db:	VULMON	id:	CVE-2015-3108	date:	2016-12-31T00:00:00
db:	BID	id:	75084	date:	2015-07-15T00:31:00
db:	JVNDB	id:	JVNDB-2015-002989	date:	2015-06-11T00:00:00
db:	CNNVD	id:	CNNVD-201506-191	date:	2015-06-11T00:00:00
db:	NVD	id:	CVE-2015-3108	date:	2024-11-21T02:28:41.217

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-81069	date:	2015-06-10T00:00:00
db:	VULMON	id:	CVE-2015-3108	date:	2015-06-10T00:00:00
db:	BID	id:	75084	date:	2015-06-09T00:00:00
db:	JVNDB	id:	JVNDB-2015-002989	date:	2015-06-11T00:00:00
db:	PACKETSTORM	id:	132252	date:	2015-06-10T23:41:17
db:	PACKETSTORM	id:	132396	date:	2015-06-21T13:13:00
db:	CNNVD	id:	CNNVD-201506-191	date:	2015-06-10T00:00:00
db:	NVD	id:	CVE-2015-3108	date:	2015-06-10T01:59:49.503