Details of VAR-201510-0422

ID

VAR-201510-0422

CVE

CVE-2015-7637

TITLE

Adobe Flash Player and Adobe AIR Vulnerabilities in arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2015-005337

DESCRIPTION

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7635, CVE-2015-7636, CVE-2015-7638, CVE-2015-7639, CVE-2015-7640, CVE-2015-7641, CVE-2015-7642, CVE-2015-7643, and CVE-2015-7644. This vulnerability is CVE-2015-7629 , CVE-2015-7631 , CVE-2015-7635 , CVE-2015-7636 , CVE-2015-7638 , CVE-2015-7639 , CVE-2015-7640 , CVE-2015-7641 , CVE-2015-7642 , CVE-2015-7643 ,and CVE-2015-7644 This is a different vulnerability. Supplementary information : CWE Vulnerability types by CWE-416: Use-after-free ( Using freed memory ) Has been identified. http://cwe.mitre.org/data/definitions/416.htmlAn attacker could execute arbitrary code. Failed exploit attempts will likely cause a denial-of-service condition. A use-after-free vulnerability exists in several Adobe products. The following products and versions are affected: Adobe Flash Player Desktop Runtime 19.0.0.185 and earlier versions and Extended Support Release 18.0.0.241 and earlier versions based on Windows and Macintosh platforms, AIR Desktop Runtime 19.0.0.190 and earlier versions, based on Windows, Macintosh, Adobe Flash Player for Google Chrome 19.0.0.185 and earlier on Linux and ChromeOS, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 19.0.0.185 and earlier on Windows 10, Adobe Flash Player on Windows 8.0 and 8.1 For Internet Explorer 10 and 11 19.0.0.185 and earlier versions, Adobe Flash Player for Linux 11.2.202.521 and earlier versions based on Linux platforms, AIR SDK 19.0.0.190 and earlier versions and AIR SDK based on Windows, Macintosh, Android and iOS platforms & Compiler 19.0.0.190 and earlier. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: flash-plugin security update Advisory ID: RHSA-2015:2024-01 Product: Red Hat Enterprise Linux Supplementary Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-2024.html Issue date: 2015-11-11 CVE Names: CVE-2015-5569 CVE-2015-7625 CVE-2015-7626 CVE-2015-7627 CVE-2015-7628 CVE-2015-7629 CVE-2015-7630 CVE-2015-7631 CVE-2015-7632 CVE-2015-7633 CVE-2015-7634 CVE-2015-7635 CVE-2015-7636 CVE-2015-7637 CVE-2015-7638 CVE-2015-7639 CVE-2015-7640 CVE-2015-7641 CVE-2015-7642 CVE-2015-7643 CVE-2015-7644 CVE-2015-7645 CVE-2015-7647 CVE-2015-7648 CVE-2015-7651 CVE-2015-7652 CVE-2015-7653 CVE-2015-7654 CVE-2015-7655 CVE-2015-7656 CVE-2015-7657 CVE-2015-7658 CVE-2015-7659 CVE-2015-7660 CVE-2015-7661 CVE-2015-7662 CVE-2015-7663 CVE-2015-8042 CVE-2015-8043 CVE-2015-8044 CVE-2015-8046 ===================================================================== 1. Summary: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 3. Description: The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. These vulnerabilities, detailed in the Adobe Security Bulletins APSB15-25, APSB15-27, and APSB15-28 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1271383 - flash-plugin: multiple code execution issues fixed in APSB15-25 1271388 - flash-plugin: information leak and hardening fixes in APSB15-25 1271966 - CVE-2015-7645 CVE-2015-7647 CVE-2015-7648 flash-plugin: multiple code execution issue fixed in APSB15-27 1280062 - flash-plugin: multiple code execution issues fixed in APSB15-28 6. Package List: Red Hat Enterprise Linux Desktop Supplementary (v. 5): i386: flash-plugin-11.2.202.548-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.548-1.el5.i386.rpm Red Hat Enterprise Linux Server Supplementary (v. 5): i386: flash-plugin-11.2.202.548-1.el5.i386.rpm x86_64: flash-plugin-11.2.202.548-1.el5.i386.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-5569 https://access.redhat.com/security/cve/CVE-2015-7625 https://access.redhat.com/security/cve/CVE-2015-7626 https://access.redhat.com/security/cve/CVE-2015-7627 https://access.redhat.com/security/cve/CVE-2015-7628 https://access.redhat.com/security/cve/CVE-2015-7629 https://access.redhat.com/security/cve/CVE-2015-7630 https://access.redhat.com/security/cve/CVE-2015-7631 https://access.redhat.com/security/cve/CVE-2015-7632 https://access.redhat.com/security/cve/CVE-2015-7633 https://access.redhat.com/security/cve/CVE-2015-7634 https://access.redhat.com/security/cve/CVE-2015-7635 https://access.redhat.com/security/cve/CVE-2015-7636 https://access.redhat.com/security/cve/CVE-2015-7637 https://access.redhat.com/security/cve/CVE-2015-7638 https://access.redhat.com/security/cve/CVE-2015-7639 https://access.redhat.com/security/cve/CVE-2015-7640 https://access.redhat.com/security/cve/CVE-2015-7641 https://access.redhat.com/security/cve/CVE-2015-7642 https://access.redhat.com/security/cve/CVE-2015-7643 https://access.redhat.com/security/cve/CVE-2015-7644 https://access.redhat.com/security/cve/CVE-2015-7645 https://access.redhat.com/security/cve/CVE-2015-7647 https://access.redhat.com/security/cve/CVE-2015-7648 https://access.redhat.com/security/cve/CVE-2015-7651 https://access.redhat.com/security/cve/CVE-2015-7652 https://access.redhat.com/security/cve/CVE-2015-7653 https://access.redhat.com/security/cve/CVE-2015-7654 https://access.redhat.com/security/cve/CVE-2015-7655 https://access.redhat.com/security/cve/CVE-2015-7656 https://access.redhat.com/security/cve/CVE-2015-7657 https://access.redhat.com/security/cve/CVE-2015-7658 https://access.redhat.com/security/cve/CVE-2015-7659 https://access.redhat.com/security/cve/CVE-2015-7660 https://access.redhat.com/security/cve/CVE-2015-7661 https://access.redhat.com/security/cve/CVE-2015-7662 https://access.redhat.com/security/cve/CVE-2015-7663 https://access.redhat.com/security/cve/CVE-2015-8042 https://access.redhat.com/security/cve/CVE-2015-8043 https://access.redhat.com/security/cve/CVE-2015-8044 https://access.redhat.com/security/cve/CVE-2015-8046 https://access.redhat.com/security/updates/classification/#critical https://helpx.adobe.com/security/products/flash-player/apsb15-25.html https://helpx.adobe.com/security/products/flash-player/apsb15-27.html https://helpx.adobe.com/security/products/flash-player/apsb15-28.html 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFWQyWTXlSAg2UNWIIRAl6GAKCUFPmvf4wjsXXDijZN3b6tGFg6ywCffbvg CNf9sF8DWG6aZFgviILLieM= =1JsD -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 2.16

sources: NVD: CVE-2015-7637 // JVNDB: JVNDB-2015-005337 // BID: 77061 // VULHUB: VHN-85598 // VULMON: CVE-2015-7637 // PACKETSTORM: 134310

AFFECTED PRODUCTS

vendor:	adobe	model:	flash player	scope:	lte	version:	11.2.202.521	Trust: 1.0
vendor:	adobe	model:	air sdk	scope:	lte	version:	19.0.0.190	Trust: 1.0
vendor:	adobe	model:	air	scope:	lte	version:	19.0.0.190	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lte	version:	19.0.0.185	Trust: 1.0
vendor:	adobe	model:	air sdk \& compiler	scope:	lte	version:	19.0.0.190	Trust: 1.0
vendor:	google	model:	chrome	scope:	-	version:	-	Trust: 0.8
vendor:	adobe	model:	air	scope:	lt	version:	desktop runtime 19.0.0.213 (windows/macintosh)	Trust: 0.8
vendor:	adobe	model:	air sdk	scope:	lt	version:	19.0.0.213 (windows/macintosh/android/ios)	Trust: 0.8
vendor:	adobe	model:	air sdk & compiler	scope:	lt	version:	19.0.0.213 (windows/macintosh/android/ios)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	11.2.202.535 (linux)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	19.0.0.207 (windows 10 edition microsoft edge/internet explorer 11)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	19.0.0.207 (windows 8.0 and 8.1 edition internet explorer 10/11)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	19.0.0.207 (windows/macintosh/linux/chromeos edition chrome)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	desktop runtime 19.0.0.207 (windows/macintosh)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	continuous support release 18.0.0.252 (windows/macintosh)	Trust: 0.8
vendor:	microsoft	model:	edge	scope:	eq	version:	(windows 10)	Trust: 0.8
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	10 (windows 8/windows server 2012/windows rt)	Trust: 0.8
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	11 (windows 8.1/windows server 2012 r2/windows rt 8.1)	Trust: 0.8
vendor:	adobe	model:	air sdk \& compiler	scope:	eq	version:	19.0.0.190	Trust: 0.6
vendor:	adobe	model:	air	scope:	eq	version:	19.0.0.190	Trust: 0.6
vendor:	adobe	model:	flash player	scope:	eq	version:	19.0.0.185	Trust: 0.6
vendor:	adobe	model:	air sdk	scope:	eq	version:	19.0.0.190	Trust: 0.6
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.521	Trust: 0.6
vendor:	red	model:	hat enterprise linux workstation supplementary	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux supplementary server	scope:	eq	version:	5	Trust: 0.3
vendor:	red	model:	hat enterprise linux server supplementary	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux desktop supplementary	scope:	eq	version:	6	Trust: 0.3
vendor:	red	model:	hat enterprise linux desktop supplementary client	scope:	eq	version:	5	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.53.64	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.51.66	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.452	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.3218	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.22.87	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.15.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.12.36	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.12.35	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.262	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.2460	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.152.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.151.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.124.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.48.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.47.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.45.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.31.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.289.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.283.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.280	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.28.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.277.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.262.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.260.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.246.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.159.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.155.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9.0.115.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	9	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	8.0.35.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	8.0.34.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	8	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.73.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.70.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.69.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.68.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.67.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.66.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.61.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.60.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.53.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.24.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.19.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7.0.14.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	6.0.79	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	6.0.21.0	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.235	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.233	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.229	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.228	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.223	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.8	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.115.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.112.61	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.9	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.8	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.111.5	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.63	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.62	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.55	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.1.102.228	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	11.0.1.152	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.186.2	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.25	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.23	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.22	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.185.21	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.7	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.5	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.4	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.183.10	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.34	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.26	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.23	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.22	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.16	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.3.181.14	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.159.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.157.51	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.156.12	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.28	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.27	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.25	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.24	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.18	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.154.13	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.153.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.33	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.32	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152.21	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.2.152	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.95.2	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.95.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.92.8	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.92.10	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.85.3	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.82.76	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.52.15	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.52.14.1	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.106.16	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.105.6	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.102.65	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.1.102.64	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.42.34	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10.0.32.18	Trust: 0.3
vendor:	adobe	model:	flash player	scope:	eq	version:	10	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.4	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.3	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3.9130	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3.9120	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.3	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.2	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5.1	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.2.0.2080	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.2.0.2070	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.1.0.4880	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	3.0	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7.1.1961	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7.1	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.7	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.6.19140	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.6.19120	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.6	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.5.1	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.2.12610	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	2.0.2	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.5	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.1	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.01	Trust: 0.3
vendor:	adobe	model:	air	scope:	eq	version:	1.0	Trust: 0.3

sources: BID: 77061 // JVNDB: JVNDB-2015-005337 // CNNVD: CNNVD-201510-312 // NVD: CVE-2015-7637

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-7637
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-7637
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201510-312
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-85598
value:	HIGH
Trust: 0.1
VULMON:	CVE-2015-7637
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-7637
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-85598
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-85598 // VULMON: CVE-2015-7637 // JVNDB: JVNDB-2015-005337 // CNNVD: CNNVD-201510-312 // NVD: CVE-2015-7637

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2015-005337 // NVD: CVE-2015-7637

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201510-312

TYPE

Unknown

Trust: 0.3

sources: BID: 77061

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-005337

PATCH

title:	APSB15-25	url:	https://helpx.adobe.com/security/products/flash-player/apsb15-25.html	Trust: 0.8
title:	APSB15-25	url:	https://helpx.adobe.com/jp/security/products/flash-player/apsb15-25.html	Trust: 0.8
title:	Google Chrome を更新する	url:	https://support.google.com/chrome/answer/95414?hl=ja	Trust: 0.8
title:	Google Chrome	url:	https://www.google.com/intl/ja/chrome/browser/features.html	Trust: 0.8
title:	Chrome Releases	url:	http://googlechromereleases.blogspot.jp/	Trust: 0.8
title:	Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge (2755801)	url:	https://technet.microsoft.com/en-us/library/security/2755801	Trust: 0.8
title:	Internet Explorer および Microsoft Edge 上の Adobe Flash Player の脆弱性に対応する更新プログラム (2755801)	url:	https://technet.microsoft.com/ja-jp/library/security/2755801	Trust: 0.8
title:	アドビシステムズ社 Adobe Flash Player の脆弱性に関するお知らせ	url:	http://www.fmworld.net/biz/common/adobe/20151015f.html	Trust: 0.8
title:	Red Hat: CVE-2015-7637	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-7637	Trust: 0.1
title:	CVE-Study	url:	https://github.com/thdusdl1219/CVE-Study	Trust: 0.1

sources: VULMON: CVE-2015-7637 // JVNDB: JVNDB-2015-005337

EXTERNAL IDS

db:	NVD	id:	CVE-2015-7637	Trust: 3.0
db:	BID	id:	77061	Trust: 1.5
db:	JVNDB	id:	JVNDB-2015-005337	Trust: 0.8
db:	CNNVD	id:	CNNVD-201510-312	Trust: 0.7
db:	VULHUB	id:	VHN-85598	Trust: 0.1
db:	VULMON	id:	CVE-2015-7637	Trust: 0.1
db:	PACKETSTORM	id:	134310	Trust: 0.1

sources: VULHUB: VHN-85598 // VULMON: CVE-2015-7637 // BID: 77061 // JVNDB: JVNDB-2015-005337 // PACKETSTORM: 134310 // CNNVD: CNNVD-201510-312 // NVD: CVE-2015-7637

REFERENCES

url:	https://helpx.adobe.com/security/products/flash-player/apsb15-25.html	Trust: 1.9
url:	http://www.securityfocus.com/bid/77061	Trust: 1.3
url:	http://rhn.redhat.com/errata/rhsa-2015-2024.html	Trust: 1.3
url:	http://rhn.redhat.com/errata/rhsa-2015-1893.html	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7637	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20151014-adobeflashplayer.html	Trust: 0.8
url:	https://www.jpcert.or.jp/at/2015/at150036.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7637	Trust: 0.8
url:	https://www.npa.go.jp/cyberpolice/topics/?seq=17024	Trust: 0.8
url:	http://www.adobe.com/products/air/	Trust: 0.3
url:	http://www.adobe.com	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2015-7637	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7633	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7633	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7658	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7635	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7644	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7627	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7641	Trust: 0.1
url:	https://helpx.adobe.com/security/products/flash-player/apsb15-28.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7627	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7651	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7628	Trust: 0.1
url:	https://access.redhat.com/articles/11258	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7647	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7642	Trust: 0.1
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7653	Trust: 0.1
url:	https://bugzilla.redhat.com/):	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7630	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7661	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7654	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7639	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7659	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7634	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7628	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7638	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7643	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7630	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7631	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7663	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7660	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7657	Trust: 0.1
url:	https://access.redhat.com/security/team/contact/	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7632	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7642	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7625	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7643	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7638	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-8046	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7629	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-5569	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7655	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7654	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7626	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7652	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7647	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7653	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7648	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7634	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7645	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7662	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7635	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-8044	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7639	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7631	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7640	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7645	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#critical	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7656	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7652	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7629	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7636	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7641	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7626	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-8043	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7644	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7625	Trust: 0.1
url:	https://helpx.adobe.com/security/products/flash-player/apsb15-27.html	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7651	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7637	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7636	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7632	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-8042	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7648	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-7640	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-5569	Trust: 0.1
url:	https://access.redhat.com/security/team/key/	Trust: 0.1

sources: VULHUB: VHN-85598 // VULMON: CVE-2015-7637 // BID: 77061 // JVNDB: JVNDB-2015-005337 // PACKETSTORM: 134310 // CNNVD: CNNVD-201510-312 // NVD: CVE-2015-7637

CREDITS

instruder of the Alibaba Security Threat Information Center working with HP's Zero Day Initiative, bilou working with HP's Zero Day Initiative, Yuki Chen of Qihoo 360 Vulcan Team, Nicolas Joly and Natalie Silvanovich from Google Project Zero.

Trust: 0.3

sources: BID: 77061

SOURCES

db:	VULHUB	id:	VHN-85598
db:	VULMON	id:	CVE-2015-7637
db:	BID	id:	77061
db:	JVNDB	id:	JVNDB-2015-005337
db:	PACKETSTORM	id:	134310
db:	CNNVD	id:	CNNVD-201510-312
db:	NVD	id:	CVE-2015-7637

LAST UPDATE DATE

2024-11-23T21:43:36.241000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-85598	date:	2018-01-05T00:00:00
db:	VULMON	id:	CVE-2015-7637	date:	2018-01-05T00:00:00
db:	BID	id:	77061	date:	2015-12-08T22:09:00
db:	JVNDB	id:	JVNDB-2015-005337	date:	2015-10-20T00:00:00
db:	CNNVD	id:	CNNVD-201510-312	date:	2015-10-19T00:00:00
db:	NVD	id:	CVE-2015-7637	date:	2024-11-21T02:37:06.670

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-85598	date:	2015-10-18T00:00:00
db:	VULMON	id:	CVE-2015-7637	date:	2015-10-18T00:00:00
db:	BID	id:	77061	date:	2015-10-13T00:00:00
db:	JVNDB	id:	JVNDB-2015-005337	date:	2015-10-20T00:00:00
db:	PACKETSTORM	id:	134310	date:	2015-11-12T01:52:11
db:	CNNVD	id:	CNNVD-201510-312	date:	2015-10-19T00:00:00
db:	NVD	id:	CVE-2015-7637	date:	2015-10-18T10:59:07.347