Sign-up

ID

VAR-201506-0084


CVE

CVE-2015-3100


TITLE

Adobe Flash Player and Adobe AIR Vulnerable to stack-based buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2015-002981

DESCRIPTION

Stack-based buffer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2015:1086-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1086.html Issue date: 2015-06-10 CVE Names: CVE-2015-3096 CVE-2015-3098 CVE-2015-3099 CVE-2015-3100 CVE-2015-3102 CVE-2015-3103 CVE-2015-3104 CVE-2015-3105 CVE-2015-3106 CVE-2015-3107 CVE-2015-3108 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-11 listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2015-3100, CVE-2015-3103, CVE-2015-3104, CVE-2015-3105, CVE-2015-3106, CVE-2015-3107) Multiple security bypass flaws were found in flash-plugin that could lead to the disclosure of sensitive information. (CVE-2015-3096, CVE-2015-3098, CVE-2015-3099, CVE-2015-3102) A memory information leak flaw was found in flash-plugin that could allow an attacker to potentially bypass ASLR (Address Space Layout Randomization) protection, and make it easier to exploit other flaws. (CVE-2015-3108) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.466. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1229879 - CVE-2015-3100 CVE-2015-3103 CVE-2015-3104 CVE-2015-3105 CVE-2015-3106 CVE-2015-3107 flash-plugin: multiple code execution issues fixed in APSB15-11 1230185 - CVE-2015-3096 flash-plugin: cross-site request forgery against JSONP endpoints fixed in APSB15-11 (incomplete fix for CVE-2014-5333) 1230189 - CVE-2015-3098 CVE-2015-3099 CVE-2015-3102 flash-plugin: same-origin-policy bypass fixed in APSB15-11 1230201 - CVE-2015-3108 flash-plugin: information leak leading to ASLR bypass (APSB15-11) 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.466-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.466-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.466-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.466-1.el5.i386.rpm Red Hat Enterprise Linux Desktop Supplementary (v. 6): i386: flash-plugin-11.2.202.466-1.el6_6.i686.rpm x86_64: flash-plugin-11.2.202.466-1.el6_6.i686.rpm Red Hat Enterprise Linux Server Supplementary (v. 6): i386: flash-plugin-11.2.202.466-1.el6_6.i686.rpm x86_64: flash-plugin-11.2.202.466-1.el6_6.i686.rpm Red Hat Enterprise Linux Workstation Supplementary (v. 6): i386: flash-plugin-11.2.202.466-1.el6_6.i686.rpm x86_64: flash-plugin-11.2.202.466-1.el6_6.i686.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-3096 https://access.redhat.com/security/cve/CVE-2015-3098 https://access.redhat.com/security/cve/CVE-2015-3099 https://access.redhat.com/security/cve/CVE-2015-3100 https://access.redhat.com/security/cve/CVE-2015-3102 https://access.redhat.com/security/cve/CVE-2015-3103 https://access.redhat.com/security/cve/CVE-2015-3104 https://access.redhat.com/security/cve/CVE-2015-3105 https://access.redhat.com/security/cve/CVE-2015-3106 https://access.redhat.com/security/cve/CVE-2015-3107 https://access.redhat.com/security/cve/CVE-2015-3108 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb15-11.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVeE7EXlSAg2UNWIIRAlOpAJ9RuYMo4MW/E5iT60nzKf7DrOrZjwCgoZXa u416jfOUFziDYbxIZyHYjaI= =EMNe -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.466" References ========== [ 1 ] CVE-2015-3096 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3096 [ 2 ] CVE-2015-3097 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3097 [ 3 ] CVE-2015-3098 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3098 [ 4 ] CVE-2015-3099 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3099 [ 5 ] CVE-2015-3100 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3100 [ 6 ] CVE-2015-3101 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3101 [ 7 ] CVE-2015-3102 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3102 [ 8 ] CVE-2015-3103 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3103 [ 9 ] CVE-2015-3104 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3104 [ 10 ] CVE-2015-3105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3105 [ 11 ] CVE-2015-3106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3106 [ 12 ] CVE-2015-3107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3107 [ 13 ] CVE-2015-3108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3108 [ 14 ] CVE-2015-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4472 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201506-01 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.25

sources: NVD: CVE-2015-3100 // JVNDB: JVNDB-2015-002981 // BID: 75085 // VULHUB: VHN-81061 // VULMON: CVE-2015-3100 // PACKETSTORM: 132252 // PACKETSTORM: 132396

AFFECTED PRODUCTS

vendor:adobemodel:flash playerscope:eqversion:16.0.0.235

Trust: 1.6

vendor:adobemodel:flash playerscope:eqversion:16.0.0.257

Trust: 1.6

vendor:adobemodel:flash playerscope:eqversion:17.0.0.188

Trust: 1.6

vendor:adobemodel:flash playerscope:eqversion:16.0.0.287

Trust: 1.6

vendor:adobemodel:flash playerscope:eqversion:15.0.0.239

Trust: 1.6

vendor:adobemodel:flash playerscope:eqversion:17.0.0.134

Trust: 1.6

vendor:adobemodel:flash playerscope:eqversion:17.0.0.169

Trust: 1.6

vendor:adobemodel:flash playerscope:eqversion:15.0.0.223

Trust: 1.6

vendor:adobemodel:flash playerscope:eqversion:16.0.0.296

Trust: 1.6

vendor:adobemodel:flash playerscope:eqversion:15.0.0.246

Trust: 1.6

vendor:adobemodel:flash playerscope:eqversion:14.0.0.176

Trust: 1.0

vendor:adobemodel:airscope:lteversion:17.0.0.172

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:15.0.0.189

Trust: 1.0

vendor:adobemodel:air sdk \& compilerscope:lteversion:17.0.0.172

Trust: 1.0

vendor:adobemodel:flash playerscope:lteversion:11.2.202.460

Trust: 1.0

vendor:adobemodel:flash playerscope:lteversion:13.0.0.289

Trust: 1.0

vendor:adobemodel:airscope:lteversion:17.0.0.144

Trust: 1.0

vendor:adobemodel:air sdkscope:lteversion:17.0.0.172

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:14.0.0.125

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:*

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:15.0.0.152

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:14.0.0.145

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:14.0.0.179

Trust: 1.0

vendor:adobemodel:flash playerscope:eqversion:15.0.0.167

Trust: 1.0

vendor:googlemodel:chromescope:ltversion:43.0.2357.124 (windows/machintosh/linux)

Trust: 0.8

vendor:adobemodel:airscope:ltversion:18.0.0.143 (android)

Trust: 0.8

vendor:adobemodel:airscope:ltversion:desktop runtime 18.0.0.143 (macintosh)

Trust: 0.8

vendor:adobemodel:airscope:ltversion:desktop runtime 18.0.0.144 (windows)

Trust: 0.8

vendor:adobemodel:air sdkscope:ltversion:18.0.0.143 (macintosh)

Trust: 0.8

vendor:adobemodel:air sdkscope:ltversion:18.0.0.144 (windows)

Trust: 0.8

vendor:adobemodel:air sdk & compilerscope:ltversion:18.0.0.143 (macintosh)

Trust: 0.8

vendor:adobemodel:air sdk & compilerscope:ltversion:18.0.0.144 (windows)

Trust: 0.8

vendor:adobemodel:flash playerscope:ltversion:11.2.202.466 (linux)

Trust: 0.8

vendor:adobemodel:flash playerscope:ltversion:18.0.0.160 (internet explorer 10/11)

Trust: 0.8

vendor:adobemodel:flash playerscope:ltversion:18.0.0.160 (windows/linux edition chrome)

Trust: 0.8

vendor:adobemodel:flash playerscope:ltversion:18.0.0.161 (machintosh edition chrome)

Trust: 0.8

vendor:adobemodel:flash playerscope:ltversion:desktop runtime 18.0.0.160 (windows/macintosh)

Trust: 0.8

vendor:adobemodel:flash playerscope:ltversion:continuous support release 13.0.0.292 (windows/macintosh)

Trust: 0.8

vendor:microsoftmodel:internet explorerscope:eqversion:10 (windows 8/windows server 2012/windows rt)

Trust: 0.8

vendor:microsoftmodel:internet explorerscope:eqversion:11 (windows 8.1/windows server 2012 r2/windows rt 8.1)

Trust: 0.8

vendor:redmodel:hat enterprise linux workstation supplementaryscope:eqversion:6

Trust: 0.3

vendor:redmodel:hat enterprise linux supplementary serverscope:eqversion:5

Trust: 0.3

vendor:redmodel:hat enterprise linux server supplementaryscope:eqversion:6

Trust: 0.3

vendor:redmodel:hat enterprise linux desktop supplementaryscope:eqversion:6

Trust: 0.3

vendor:redmodel:hat enterprise linux desktop supplementary clientscope:eqversion:5

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.53.64

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.51.66

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.0.452

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.0.3218

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.0.22.87

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.0.15.3

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.0.12.36

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.0.12.35

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.262

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.2460

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.152.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.151.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.124.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.48.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.47.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.45.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.31.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.289.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.283.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.280

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.28.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.277.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.262.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.260.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.246.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.159.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.155.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9.0.115.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:9

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:8.0.35.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:8.0.34.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:8

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:7.0.73.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:7.0.70.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:7.0.69.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:7.0.68.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:7.0.67.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:7.0.66.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:7.0.61.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:7.0.60.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:7.0.53.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:7.0.24.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:7.0.19.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:7.0.14.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:7

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:6.0.79

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:6.0.21.0

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.2.202.235

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.2.202.233

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.2.202.229

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.2.202.228

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.2.202.223

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.1.115.8

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.1.115.7

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.1.115.6

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.1.112.61

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.1.111.9

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.1.111.8

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.1.111.7

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.1.111.6

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.1.111.5

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.1.102.63

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.1.102.62

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.1.102.55

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.1.102.228

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:11.0.1.152

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.186.7

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.186.6

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.186.3

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.186.2

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.185.25

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.185.23

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.185.22

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.185.21

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.183.7

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.183.5

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.183.4

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.183.10

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.181.34

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.181.26

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.181.23

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.181.22

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.181.16

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.3.181.14

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.159.1

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.157.51

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.156.12

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.154.28

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.154.27

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.154.25

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.154.24

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.154.18

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.154.13

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.153.1

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.152.33

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.152.32

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.152.21

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.2.152

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.95.2

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.95.1

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.92.8

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.92.10

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.85.3

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.82.76

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.52.15

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.52.14.1

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.106.16

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.105.6

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.102.65

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.1.102.64

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.0.42.34

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10.0.32.18

Trust: 0.3

vendor:adobemodel:flash playerscope:eqversion:10

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.0.4

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.0.3

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.5.3.9130

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.5.3.9120

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.5.3

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.5.2

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.5.1

Trust: 0.3

vendor:adobemodel:airscope:eqversion:3.2.0.2080

Trust: 0.3

vendor:adobemodel:airscope:eqversion:3.2.0.2070

Trust: 0.3

vendor:adobemodel:airscope:eqversion:3.1.0.4880

Trust: 0.3

vendor:adobemodel:airscope:eqversion:3.0

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.7.1.1961

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.7.1

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.7

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.6.19140

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.6.19120

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.6

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.5.1

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.0.2.12610

Trust: 0.3

vendor:adobemodel:airscope:eqversion:2.0.2

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.5

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.1

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.01

Trust: 0.3

vendor:adobemodel:airscope:eqversion:1.0

Trust: 0.3

sources: BID: 75085 // JVNDB: JVNDB-2015-002981 // CNNVD: CNNVD-201506-183 // NVD: CVE-2015-3100

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-3100
value: HIGH

Trust: 1.0

NVD: CVE-2015-3100
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201506-183
value: CRITICAL

Trust: 0.6

VULHUB: VHN-81061
value: HIGH

Trust: 0.1

VULMON: CVE-2015-3100
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-3100
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-81061
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-81061 // VULMON: CVE-2015-3100 // JVNDB: JVNDB-2015-002981 // CNNVD: CNNVD-201506-183 // NVD: CVE-2015-3100

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-81061 // JVNDB: JVNDB-2015-002981 // NVD: CVE-2015-3100

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 132396 // CNNVD: CNNVD-201506-183

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201506-183

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-002981

PATCH
title:APSB15-11url:http://helpx.adobe.com/security/products/flash-player/apsb15-11.html
Trust: 0.8
title:APSB15-11url:http://helpx.adobe.com/jp/security/products/flash-player/apsb15-11.html
Trust: 0.8
title:Google Chromeurl:https://www.google.com/intl/ja/chrome/browser/features.html
Trust: 0.8
title:Stable Channel Updateurl:http://googlechromereleases.blogspot.jp/2015/06/stable-channel-update.html
Trust: 0.8
title:Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801)url:https://technet.microsoft.com/en-us/library/security/2755801
Trust: 0.8
title:Internet Explorer 上の Adobe Flash Player の脆弱性に対応する更新プログラム (2755801)url:https://technet.microsoft.com/ja-jp/library/security/2755801
Trust: 0.8
title:アドビ システムズ社 Adobe Flash Player の脆弱性に関するお知らせurl:http://www.fmworld.net/biz/common/adobe/20150611f.html
Trust: 0.8
title:flashplayer_13.0.0.292_ax_debugurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56192
Trust: 0.6
title:flashplayer_11.2.202.466_sa_debug.i386url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56196
Trust: 0.6
title:flashplayer_18.0.0.160_sa_debugurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56195
Trust: 0.6
title:flashplayer_18.0.0.160_sa_debugurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56194
Trust: 0.6
title:flashplayer_13.0.0.292_plugin_debugurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=56193
Trust: 0.6
title:CVE-Studyurl:https://github.com/thdusdl1219/CVE-Study 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2015-3100 // 
            
            
            
            JVNDB: JVNDB-2015-002981 // 
            
            
            
            CNNVD: CNNVD-201506-183

EXTERNAL IDS
db:NVDid:CVE-2015-3100
Trust: 3.1
db:BIDid:75085
Trust: 1.5
db:SECTRACKid:1032519
Trust: 1.2
db:JVNDBid:JVNDB-2015-002981
Trust: 0.8
db:CNNVDid:CNNVD-201506-183
Trust: 0.7
db:VULHUBid:VHN-81061
Trust: 0.1
db:VULMONid:CVE-2015-3100
Trust: 0.1
db:PACKETSTORMid:132252
Trust: 0.1
db:PACKETSTORMid:132396
Trust: 0.1
sources:
            
            
            VULHUB: VHN-81061 // 
            
            
            
            VULMON: CVE-2015-3100 // 
            
            
            
            BID: 75085 // 
            
            
            
            JVNDB: JVNDB-2015-002981 // 
            
            
            
            PACKETSTORM: 132252 // 
            
            
            
            PACKETSTORM: 132396 // 
            
            
            
            CNNVD: CNNVD-201506-183 // 
            
            
            
            NVD: CVE-2015-3100

REFERENCES
url:https://helpx.adobe.com/security/products/flash-player/apsb15-11.html
Trust: 1.9
url:https://security.gentoo.org/glsa/201506-01
Trust: 1.3
url:http://rhn.redhat.com/errata/rhsa-2015-1086.html
Trust: 1.3
url:http://www.securityfocus.com/bid/75085
Trust: 1.2
url:http://www.securitytracker.com/id/1032519
Trust: 1.2
url:http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00005.html
Trust: 1.2
url:http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00009.html
Trust: 1.2
url:http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00011.html
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3100
Trust: 0.8
url:http://www.ipa.go.jp/security/ciadr/vul/20150610-adobeflashplayer.html
Trust: 0.8
url:http://www.jpcert.or.jp/at/2015/at150017.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3100
Trust: 0.8
url:http://www.npa.go.jp/cyberpolice/topics/?seq=16444
Trust: 0.8
url:http://www.adobe.com
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2015-3102
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2015-3096
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2015-3103
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2015-3099
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2015-3107
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2015-3106
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2015-3104
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2015-3105
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2015-3108
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2015-3098
Trust: 0.2
url:https://nvd.nist.gov/vuln/detail/cve-2015-3100
Trust: 0.2
url:https://cwe.mitre.org/data/definitions/119.html
Trust: 0.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39525
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2015-3099
Trust: 0.1
url:https://access.redhat.com/security/updates/classification/#critical
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2015-3106
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2015-3100
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2015-3096
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2015-3103
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2015-3107
Trust: 0.1
url:https://access.redhat.com/articles/11258
Trust: 0.1
url:https://access.redhat.com/security/team/contact/
Trust: 0.1
url:https://www.redhat.com/mailman/listinfo/rhsa-announce
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2015-3104
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2015-3098
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2015-3108
Trust: 0.1
url:https://bugzilla.redhat.com/):
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2015-3105
Trust: 0.1
url:https://access.redhat.com/security/cve/cve-2015-3102
Trust: 0.1
url:https://access.redhat.com/security/team/key/
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3108
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4472
Trust: 0.1
url:https://security.gentoo.org/
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3106
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3101
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-3101
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3096
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3105
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-3097
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3103
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3102
Trust: 0.1
url:http://creativecommons.org/licenses/by-sa/2.5
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3107
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3100
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3097
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3098
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3099
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3104
Trust: 0.1
url:https://bugs.gentoo.org.
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2015-4472
Trust: 0.1
sources:
            
            
            VULHUB: VHN-81061 // 
            
            
            
            VULMON: CVE-2015-3100 // 
            
            
            
            BID: 75085 // 
            
            
            
            JVNDB: JVNDB-2015-002981 // 
            
            
            
            PACKETSTORM: 132252 // 
            
            
            
            PACKETSTORM: 132396 // 
            
            
            
            CNNVD: CNNVD-201506-183 // 
            
            
            
            NVD: CVE-2015-3100

CREDITS
Haifei Li of McAfee Labs IPS Team.
Trust: 0.3
sources:
            
            
            BID: 75085

SOURCES
db:VULHUBid:VHN-81061
db:VULMONid:CVE-2015-3100
db:BIDid:75085
db:JVNDBid:JVNDB-2015-002981
db:PACKETSTORMid:132252
db:PACKETSTORMid:132396
db:CNNVDid:CNNVD-201506-183
db:NVDid:CVE-2015-3100

LAST UPDATE DATE
2024-11-23T20:20:40.378000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-81061date:2016-12-31T00:00:00
db:VULMONid:CVE-2015-3100date:2016-12-31T00:00:00
db:BIDid:75085date:2015-07-15T00:31:00
db:JVNDBid:JVNDB-2015-002981date:2015-06-11T00:00:00
db:CNNVDid:CNNVD-201506-183date:2015-06-10T00:00:00
db:NVDid:CVE-2015-3100date:2024-11-21T02:28:40.190

SOURCES RELEASE DATE
db:VULHUBid:VHN-81061date:2015-06-10T00:00:00
db:VULMONid:CVE-2015-3100date:2015-06-10T00:00:00
db:BIDid:75085date:2015-06-09T00:00:00
db:JVNDBid:JVNDB-2015-002981date:2015-06-11T00:00:00
db:PACKETSTORMid:132252date:2015-06-10T23:41:17
db:PACKETSTORMid:132396date:2015-06-21T13:13:00
db:CNNVDid:CNNVD-201506-183date:2015-06-10T00:00:00
db:NVDid:CVE-2015-3100date:2015-06-10T01:59:43.237