Details of VAR-201506-0085

ID

VAR-201506-0085

CVE

CVE-2015-3101

TITLE

Adobe Flash Player and Adobe AIR of Flash Broker integrity level "Low" From "During" Vulnerabilities migrated to

Trust: 0.8

sources: JVNDB: JVNDB-2015-002982

DESCRIPTION

The Flash broker in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, when Internet Explorer is used, allows attackers to perform a transition from Low Integrity to Medium Integrity via unspecified vectors. This vulnerability CVE-2015-3098 and CVE-2015-3102 Is a different vulnerability.An attacker could move the integrity level from low to medium. Attackers can exploit this issue to gain elevated privileges within the application. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201506-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: Adobe Flash Player: Multiple vulnerabilities Date: June 21, 2015 Bugs: #551658 ID: 201506-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code. Background ========== The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-plugins/adobe-flash < 11.2.202.466 >= 11.2.202.466 Description =========== Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Flash Player users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.466" References ========== [ 1 ] CVE-2015-3096 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3096 [ 2 ] CVE-2015-3097 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3097 [ 3 ] CVE-2015-3098 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3098 [ 4 ] CVE-2015-3099 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3099 [ 5 ] CVE-2015-3100 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3100 [ 6 ] CVE-2015-3101 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3101 [ 7 ] CVE-2015-3102 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3102 [ 8 ] CVE-2015-3103 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3103 [ 9 ] CVE-2015-3104 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3104 [ 10 ] CVE-2015-3105 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3105 [ 11 ] CVE-2015-3106 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3106 [ 12 ] CVE-2015-3107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3107 [ 13 ] CVE-2015-3108 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3108 [ 14 ] CVE-2015-4472 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4472 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201506-01 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.16

sources: NVD: CVE-2015-3101 // JVNDB: JVNDB-2015-002982 // BID: 75089 // VULHUB: VHN-81062 // VULMON: CVE-2015-3101 // PACKETSTORM: 132396

AFFECTED PRODUCTS

vendor:	adobe	model:	flash player	scope:	eq	version:	16.0.0.235	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	16.0.0.257	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	17.0.0.188	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	14.0.0.145	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	15.0.0.152	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	15.0.0.239	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	15.0.0.223	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	15.0.0.246	Trust: 1.6
vendor:	adobe	model:	flash player	scope:	eq	version:	16.0.0.287	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	14.0.0.176	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	16.0.0.296	Trust: 1.0
vendor:	adobe	model:	air	scope:	lte	version:	17.0.0.172	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	15.0.0.189	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	17.0.0.169	Trust: 1.0
vendor:	adobe	model:	air sdk \& compiler	scope:	lte	version:	17.0.0.172	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lte	version:	13.0.0.289	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lte	version:	11.2.202.460	Trust: 1.0
vendor:	adobe	model:	air	scope:	lte	version:	17.0.0.144	Trust: 1.0
vendor:	adobe	model:	air sdk	scope:	lte	version:	17.0.0.172	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	14.0.0.125	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	*	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	17.0.0.134	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	14.0.0.179	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	eq	version:	15.0.0.167	Trust: 1.0
vendor:	google	model:	chrome	scope:	lt	version:	43.0.2357.124 (windows/machintosh/linux)	Trust: 0.8
vendor:	adobe	model:	air	scope:	lt	version:	18.0.0.143 (android)	Trust: 0.8
vendor:	adobe	model:	air	scope:	lt	version:	desktop runtime 18.0.0.143 (macintosh)	Trust: 0.8
vendor:	adobe	model:	air	scope:	lt	version:	desktop runtime 18.0.0.144 (windows)	Trust: 0.8
vendor:	adobe	model:	air sdk	scope:	lt	version:	18.0.0.143 (macintosh)	Trust: 0.8
vendor:	adobe	model:	air sdk	scope:	lt	version:	18.0.0.144 (windows)	Trust: 0.8
vendor:	adobe	model:	air sdk & compiler	scope:	lt	version:	18.0.0.143 (macintosh)	Trust: 0.8
vendor:	adobe	model:	air sdk & compiler	scope:	lt	version:	18.0.0.144 (windows)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	11.2.202.466 (linux)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	18.0.0.160 (internet explorer 10/11)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	18.0.0.160 (windows/linux edition chrome)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	18.0.0.161 (machintosh edition chrome)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	desktop runtime 18.0.0.160 (windows/macintosh)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	continuous support release 13.0.0.292 (windows/macintosh)	Trust: 0.8
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	10 (windows 8/windows server 2012/windows rt)	Trust: 0.8
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	11 (windows 8.1/windows server 2012 r2/windows rt 8.1)	Trust: 0.8
vendor:	adobe	model:	air sdk	scope:	eq	version:	17.0.0.172	Trust: 0.6
vendor:	adobe	model:	air sdk \& compiler	scope:	eq	version:	17.0.0.172	Trust: 0.6
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.53.64	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.51.66	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.452	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.3218	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.22.87	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.15.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.12.36	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.12.35	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.262	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.2460	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.152.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.151.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.124.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.48.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.47.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.45.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.31.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.289.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.283.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.280	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.28.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.277.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.262.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.260.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.246.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.159.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.155.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.115.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	8.0.35.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	8.0.34.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	8	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.73.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.70.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.69.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.68.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.67.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.66.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.61.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.60.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.53.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.24.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.19.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.14.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	6.0.79	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	6.0.21.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.235	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.233	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.229	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.228	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.223	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.8	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.112.61	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.9	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.8	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.5	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.63	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.62	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.55	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.228	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.0.1.152	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.2	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.25	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.23	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.22	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.21	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.5	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.4	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.10	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.34	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.26	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.23	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.22	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.16	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.14	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.159.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.157.51	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.156.12	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.28	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.27	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.25	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.24	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.18	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.13	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.153.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.33	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.32	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.21	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.95.2	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.95.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.92.8	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.92.10	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.85.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.82.76	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.52.15	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.52.14.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.106.16	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.105.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.102.65	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.102.64	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.42.34	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.32.18	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3.9130	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3.9120	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.2	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.1	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.2.0.2080	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.2.0.2070	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.1.0.4880	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.0	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7.1.1961	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7.1	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.6.19140	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.6.19120	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.6	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.5.1	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.2.12610	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.1	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.01	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.0	Trust: 0.3

sources: BID: 75089 // JVNDB: JVNDB-2015-002982 // CNNVD: CNNVD-201506-184 // NVD: CVE-2015-3101

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-3101
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-3101
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201506-184
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-81062
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2015-3101
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-3101
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-81062
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-81062 // VULMON: CVE-2015-3101 // JVNDB: JVNDB-2015-002982 // CNNVD: CNNVD-201506-184 // NVD: CVE-2015-3101

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-81062 // JVNDB: JVNDB-2015-002982 // NVD: CVE-2015-3101

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 132396 // CNNVD: CNNVD-201506-184

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201506-184

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002982

PATCH

title:	APSB15-11	url:	http://helpx.adobe.com/security/products/flash-player/apsb15-11.html	Trust: 0.8
title:	APSB15-11	url:	http://helpx.adobe.com/jp/security/products/flash-player/apsb15-11.html	Trust: 0.8
title:	Google Chrome	url:	https://www.google.com/intl/ja/chrome/browser/features.html	Trust: 0.8
title:	Stable Channel Update	url:	http://googlechromereleases.blogspot.jp/2015/06/stable-channel-update.html	Trust: 0.8
title:	Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801)	url:	https://technet.microsoft.com/en-us/library/security/2755801	Trust: 0.8
title:	Internet Explorer 上の Adobe Flash Player の脆弱性に対応する更新プログラム (2755801)	url:	https://technet.microsoft.com/ja-jp/library/security/2755801	Trust: 0.8
title:	アドビシステムズ社 Adobe Flash Player の脆弱性に関するお知らせ	url:	http://www.fmworld.net/biz/common/adobe/20150611f.html	Trust: 0.8
title:	CVE-Study	url:	https://github.com/thdusdl1219/CVE-Study	Trust: 0.1

sources: VULMON: CVE-2015-3101 // JVNDB: JVNDB-2015-002982

EXTERNAL IDS

db:	NVD	id:	CVE-2015-3101	Trust: 3.0
db:	BID	id:	75089	Trust: 1.5
db:	SECTRACK	id:	1032519	Trust: 1.2
db:	JVNDB	id:	JVNDB-2015-002982	Trust: 0.8
db:	CNNVD	id:	CNNVD-201506-184	Trust: 0.7
db:	VULHUB	id:	VHN-81062	Trust: 0.1
db:	VULMON	id:	CVE-2015-3101	Trust: 0.1
db:	PACKETSTORM	id:	132396	Trust: 0.1

sources: VULHUB: VHN-81062 // VULMON: CVE-2015-3101 // BID: 75089 // JVNDB: JVNDB-2015-002982 // PACKETSTORM: 132396 // CNNVD: CNNVD-201506-184 // NVD: CVE-2015-3101

REFERENCES

url:	https://helpx.adobe.com/security/products/flash-player/apsb15-11.html	Trust: 1.8
url:	http://www.securityfocus.com/bid/75089	Trust: 1.3
url:	https://security.gentoo.org/glsa/201506-01	Trust: 1.3
url:	http://www.securitytracker.com/id/1032519	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3101	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20150610-adobeflashplayer.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2015/at150017.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3101	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics/?seq=16444	Trust: 0.8
url:	http://www.adobe.com	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/264.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39272	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3102	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3096	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3108	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3103	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-4472	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3106	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3101	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3099	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3101	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3096	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3105	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3107	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3097	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3103	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3102	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3107	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3106	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3100	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3097	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3104	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3105	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3098	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3099	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3108	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3104	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3098	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3100	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-4472	Trust: 0.1

sources: VULHUB: VHN-81062 // VULMON: CVE-2015-3101 // BID: 75089 // JVNDB: JVNDB-2015-002982 // PACKETSTORM: 132396 // CNNVD: CNNVD-201506-184 // NVD: CVE-2015-3101

CREDITS

Behrang Fouladi Azarnaminy and Axel Souchet of the 360 Vulcan Team.

Trust: 0.3

sources: BID: 75089

SOURCES

db:	VULHUB	id:	VHN-81062
db:	VULMON	id:	CVE-2015-3101
db:	BID	id:	75089
db:	JVNDB	id:	JVNDB-2015-002982
db:	PACKETSTORM	id:	132396
db:	CNNVD	id:	CNNVD-201506-184
db:	NVD	id:	CVE-2015-3101

LAST UPDATE DATE

2024-11-23T21:14:29.772000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-81062	date:	2016-12-31T00:00:00
db:	VULMON	id:	CVE-2015-3101	date:	2016-12-31T00:00:00
db:	BID	id:	75089	date:	2015-07-15T00:39:00
db:	JVNDB	id:	JVNDB-2015-002982	date:	2015-06-11T00:00:00
db:	CNNVD	id:	CNNVD-201506-184	date:	2015-06-11T00:00:00
db:	NVD	id:	CVE-2015-3101	date:	2024-11-21T02:28:40.333

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-81062	date:	2015-06-10T00:00:00
db:	VULMON	id:	CVE-2015-3101	date:	2015-06-10T00:00:00
db:	BID	id:	75089	date:	2015-06-09T00:00:00
db:	JVNDB	id:	JVNDB-2015-002982	date:	2015-06-11T00:00:00
db:	PACKETSTORM	id:	132396	date:	2015-06-21T13:13:00
db:	CNNVD	id:	CNNVD-201506-184	date:	2015-06-10T00:00:00
db:	NVD	id:	CVE-2015-3101	date:	2015-06-10T01:59:43.987