ID

VAR-201508-0071


CVE

CVE-2015-5566


TITLE

Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2015-004402

DESCRIPTION

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565. This vulnerability CVE-2015-5127 , CVE-2015-5130 , CVE-2015-5134 , CVE-2015-5539 , CVE-2015-5540 , CVE-2015-5550 , CVE-2015-5551 , CVE-2015-5556 , CVE-2015-5557 , CVE-2015-5559 , CVE-2015-5561 , CVE-2015-5563 , CVE-2015-5564 ,and CVE-2015-5565 Is a different vulnerability. Supplementary information : CWE Vulnerability type by CWE-416: Use-after-free ( Use of freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. A use-after-free vulnerability exists in several Adobe products. The following products and versions are affected: Adobe Flash Player Desktop Runtime 18.0.0.209 and earlier versions and Adobe Flash Player Extended Support Release 13.0.0.309 and earlier versions based on Windows and Macintosh platforms, Adobe Flash Player for Windows, Macintosh and Linux platforms Google Chrome 18.0.0.209 and earlier, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 on Windows 10 18.0.0.209 and earlier, Adobe Flash Player for Internet Explorer 10 and 11 18.0.0.209 on Windows 8.0 and 8.1 and previous versions, Adobe Flash Player for Linux 11.2.202.491 and previous versions based on Linux platforms, AIR Desktop Runtime 18.0.0.180 and previous versions based on Windows and Macintosh platforms, and AIR SDK 18.0 based on Windows, Macintosh, Android and iOS platforms. 0.180 and earlier and AIR SDK & Compiler 18.0.0.180 and earlier

Trust: 1.8

sources: NVD: CVE-2015-5566 // JVNDB: JVNDB-2015-004402 // VULHUB: VHN-83527 // VULMON: CVE-2015-5566

AFFECTED PRODUCTS

vendor:adobemodel:air sdk \& compilerscope:lteversion:18.0.0.180

Trust: 1.0

vendor:adobemodel:air sdkscope:lteversion:18.0.0.180

Trust: 1.0

vendor:adobemodel:flash playerscope:lteversion:11.2.202.491

Trust: 1.0

vendor:adobemodel:airscope:lteversion:18.0.0.180

Trust: 1.0

vendor:adobemodel:flash playerscope:lteversion:18.0.0.209

Trust: 1.0

vendor:googlemodel:chromescope: - version: -

Trust: 0.8

vendor:adobemodel:airscope:ltversion:desktop runtime 18.0.0.199 (windows/macintosh)

Trust: 0.8

vendor:adobemodel:air sdkscope:ltversion:18.0.0.199 (windows/macintosh/android/ios)

Trust: 0.8

vendor:adobemodel:air sdk & compilerscope:ltversion:18.0.0.199 (windows/macintosh/android/ios)

Trust: 0.8

vendor:adobemodel:flash playerscope:ltversion:11.2.202.508 (linux)

Trust: 0.8

vendor:adobemodel:flash playerscope:ltversion:18.0.0.232 (internet explorer 10/11)

Trust: 0.8

vendor:adobemodel:flash playerscope:ltversion:18.0.0.232 (microsoft edge)

Trust: 0.8

vendor:adobemodel:flash playerscope:ltversion:18.0.0.232 (windows/macintosh edition chrome)

Trust: 0.8

vendor:adobemodel:flash playerscope:ltversion:18.0.0.233 (linux/chrome os edition chrome)

Trust: 0.8

vendor:adobemodel:flash playerscope:ltversion:desktop runtime 18.0.0.232 (windows/macintosh)

Trust: 0.8

vendor:adobemodel:flash playerscope:ltversion:continuous support release 18.0.0.232 (windows/macintosh)

Trust: 0.8

vendor:microsoftmodel:edgescope:eqversion:(windows 10)

Trust: 0.8

vendor:microsoftmodel:internet explorerscope:eqversion:10 (windows 8/windows server 2012/windows rt)

Trust: 0.8

vendor:microsoftmodel:internet explorerscope:eqversion:11 (windows 8.1/windows server 2012 r2/windows rt 8.1/windows 10)

Trust: 0.8

vendor:adobemodel:airscope:eqversion:18.0.0.180

Trust: 0.6

vendor:adobemodel:air sdk \& compilerscope:eqversion:18.0.0.180

Trust: 0.6

vendor:adobemodel:flash playerscope:eqversion:18.0.0.209

Trust: 0.6

vendor:adobemodel:air sdkscope:eqversion:18.0.0.180

Trust: 0.6

vendor:adobemodel:flash playerscope:eqversion:11.2.202.491

Trust: 0.6

sources: JVNDB: JVNDB-2015-004402 // CNNVD: CNNVD-201508-507 // NVD: CVE-2015-5566

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-5566
value: HIGH

Trust: 1.0

NVD: CVE-2015-5566
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201508-507
value: CRITICAL

Trust: 0.6

VULHUB: VHN-83527
value: HIGH

Trust: 0.1

VULMON: CVE-2015-5566
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-5566
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-83527
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-83527 // VULMON: CVE-2015-5566 // JVNDB: JVNDB-2015-004402 // CNNVD: CNNVD-201508-507 // NVD: CVE-2015-5566

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2015-004402 // NVD: CVE-2015-5566

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201508-507

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201508-507

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004402

PATCH

title:APSB15-19url:https://helpx.adobe.com/security/products/flash-player/apsb15-19.html

Trust: 0.8

title:APSB15-19url:https://helpx.adobe.com/jp/security/products/flash-player/apsb15-19.html

Trust: 0.8

title:Google Chrome を更新するurl:https://support.google.com/chrome/answer/95414?hl=ja

Trust: 0.8

title:Google Chromeurl:https://www.google.com/intl/ja/chrome/browser/features.html

Trust: 0.8

title:Chrome Releasesurl:http://googlechromereleases.blogspot.jp/

Trust: 0.8

title:Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge (2755801)url:https://technet.microsoft.com/en-us/library/security/2755801

Trust: 0.8

title:Internet Explorer および Microsoft Edge 上の Adobe Flash Player の脆弱性に対応する更新プログラム (2755801)url:https://technet.microsoft.com/ja-jp/library/security/2755801

Trust: 0.8

title:アドビ システムズ社 Adobe Flash Player の脆弱性に関するお知らせurl:http://www.fmworld.net/biz/common/adobe/20150813f.html

Trust: 0.8

title:Red Hat: CVE-2015-5566url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-5566

Trust: 0.1

title:CVE-Studyurl:https://github.com/thdusdl1219/CVE-Study

Trust: 0.1

sources: VULMON: CVE-2015-5566 // JVNDB: JVNDB-2015-004402

EXTERNAL IDS

db:NVDid:CVE-2015-5566

Trust: 2.6

db:SECTRACKid:1033235

Trust: 1.2

db:JVNDBid:JVNDB-2015-004402

Trust: 0.8

db:CNNVDid:CNNVD-201508-507

Trust: 0.7

db:VULHUBid:VHN-83527

Trust: 0.1

db:VULMONid:CVE-2015-5566

Trust: 0.1

sources: VULHUB: VHN-83527 // VULMON: CVE-2015-5566 // JVNDB: JVNDB-2015-004402 // CNNVD: CNNVD-201508-507 // NVD: CVE-2015-5566

REFERENCES

url:https://helpx.adobe.com/security/products/flash-player/apsb15-19.html

Trust: 1.8

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05356388

Trust: 1.2

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05385680

Trust: 1.2

url:https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05390722

Trust: 1.2

url:http://rhn.redhat.com/errata/rhsa-2015-1603.html

Trust: 1.2

url:http://www.securitytracker.com/id/1033235

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5566

Trust: 0.8

url:https://www.ipa.go.jp/security/ciadr/vul/20150812-adobeflashplayer.html

Trust: 0.8

url:http://www.jpcert.or.jp/at/2015/at150029.html

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5566

Trust: 0.8

url:http://www.npa.go.jp/cyberpolice/topics/?seq=16704

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2015-5566

Trust: 0.1

sources: VULHUB: VHN-83527 // VULMON: CVE-2015-5566 // JVNDB: JVNDB-2015-004402 // CNNVD: CNNVD-201508-507 // NVD: CVE-2015-5566

SOURCES

db:VULHUBid:VHN-83527
db:VULMONid:CVE-2015-5566
db:JVNDBid:JVNDB-2015-004402
db:CNNVDid:CNNVD-201508-507
db:NVDid:CVE-2015-5566

LAST UPDATE DATE

2024-11-23T20:52:47.978000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-83527date:2018-01-05T00:00:00
db:VULMONid:CVE-2015-5566date:2018-01-05T00:00:00
db:JVNDBid:JVNDB-2015-004402date:2015-08-26T00:00:00
db:CNNVDid:CNNVD-201508-507date:2015-08-25T00:00:00
db:NVDid:CVE-2015-5566date:2024-11-21T02:33:17.693

SOURCES RELEASE DATE

db:VULHUBid:VHN-83527date:2015-08-24T00:00:00
db:VULMONid:CVE-2015-5566date:2015-08-24T00:00:00
db:JVNDBid:JVNDB-2015-004402date:2015-08-26T00:00:00
db:CNNVDid:CNNVD-201508-507date:2015-08-25T00:00:00
db:NVDid:CVE-2015-5566date:2015-08-24T10:59:00.127