Details of VAR-201603-0073

ID

VAR-201603-0073

CVE

CVE-2015-8654

TITLE

Adobe Flash Player and Adobe AIR Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2015-006963

DESCRIPTION

Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8656, CVE-2015-8657, CVE-2015-8658, and CVE-2015-8820. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within MPEG-4 parsing. A specially crafted MP4 file can force Adobe Flash to read memory past the end of an allocated object. An attacker could leverage this vulnerability to execute code under the context of the current process. Security flaws exist in several Adobe products. The following products and versions are affected: Adobe Flash Player Desktop Runtime 19.0.0.245 and earlier versions based on Windows and Macintosh platforms and Adobe Flash Player Extended Support Release 18.0.0.261 and earlier versions, Adobe Flash based on Windows, Macintosh, Linux and ChromeOS platforms Player for Google Chrome 19.0.0.245 and earlier, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 on Windows 10 19.0.0.245 and earlier, Adobe Flash Player for Internet Explorer 10 and 11 19.0 on Windows 8.0 and 8.1 .0.245 and earlier versions, Adobe Flash Player for Linux 11.2.202.548 and earlier versions based on Linux platforms, AIR Desktop Runtime 19.0.0.241 and earlier versions based on Windows and Macintosh platforms, AIR SDK based on Windows, Macintosh, Android and iOS platforms 19.0.0.241 and earlier versions and AIR SDK & Compiler 19.0.0

Trust: 2.43

sources: NVD: CVE-2015-8654 // JVNDB: JVNDB-2015-006963 // ZDI: ZDI-15-658 // VULHUB: VHN-86615 // VULMON: CVE-2015-8654

AFFECTED PRODUCTS

vendor:	adobe	model:	air desktop runtime	scope:	lte	version:	19.0.0.241	Trust: 1.0
vendor:	adobe	model:	air sdk	scope:	lte	version:	19.0.0.241	Trust: 1.0
vendor:	adobe	model:	flash player desktop runtime	scope:	lte	version:	19.0.0.245	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lte	version:	19.0.0.245	Trust: 1.0
vendor:	adobe	model:	air	scope:	lte	version:	19.0.0.241	Trust: 1.0
vendor:	adobe	model:	air sdk \& compiler	scope:	lte	version:	19.0.0.241	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lte	version:	11.2.202.548	Trust: 1.0
vendor:	adobe	model:	flash player	scope:	lte	version:	18.0.0.261	Trust: 1.0
vendor:	google	model:	chrome	scope:	lt	version:	47.0.2526.80 (windows/macintosh/linux/chrome os)	Trust: 0.8
vendor:	adobe	model:	air	scope:	lt	version:	20.0.0.204 (android)	Trust: 0.8
vendor:	adobe	model:	air	scope:	lt	version:	desktop runtime 20.0.0.204 (windows/macintosh)	Trust: 0.8
vendor:	adobe	model:	air sdk	scope:	lt	version:	20.0.0.204 (windows/macintosh/android/ios)	Trust: 0.8
vendor:	adobe	model:	air sdk & compiler	scope:	lt	version:	20.0.0.204 (windows/macintosh/android/ios)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	11.2.202.554 (linux)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	20.0.0.228 (windows 10 edition microsoft edge/internet explorer 11)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	20.0.0.228 (windows 8.0 and 8.1 edition internet explorer 10/11)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	20.0.0.228 (windows/macintosh/linux/chromeos edition chrome)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	desktop runtime (firefox and safari support for ) 20.0.0.235 (windows/macintosh)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	desktop runtime (internet explorer support for ) 20.0.0.228 (windows/macintosh)	Trust: 0.8
vendor:	adobe	model:	flash player	scope:	lt	version:	continuous support release 18.0.0.268 (windows/macintosh)	Trust: 0.8
vendor:	microsoft	model:	edge	scope:	eq	version:	(windows 10)	Trust: 0.8
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	10 (windows 8/windows server 2012/windows rt)	Trust: 0.8
vendor:	microsoft	model:	internet explorer	scope:	eq	version:	11 (windows 8.1/windows server 2012 r2/windows rt 8.1/windows 10)	Trust: 0.8
vendor:	adobe	model:	flash	scope:	-	version:	-	Trust: 0.7
vendor:	adobe	model:	flash player	scope:	eq	version:	20.0.0.286	Trust: 0.6
vendor:	adobe	model:	flash player	scope:	eq	version:	19.0.0.207	Trust: 0.6
vendor:	adobe	model:	flash player	scope:	eq	version:	19.0.0.245	Trust: 0.6
vendor:	adobe	model:	flash player	scope:	eq	version:	19.0.0.185	Trust: 0.6
vendor:	adobe	model:	flash player	scope:	eq	version:	20.0.0.228	Trust: 0.6
vendor:	adobe	model:	flash player	scope:	eq	version:	18.0.0.261	Trust: 0.6
vendor:	adobe	model:	flash player	scope:	eq	version:	19.0.0.226	Trust: 0.6
vendor:	adobe	model:	flash player	scope:	eq	version:	11.2.202.548	Trust: 0.6
vendor:	adobe	model:	flash player	scope:	eq	version:	20.0.0.235	Trust: 0.6
vendor:	adobe	model:	air sdk \\\& compiler	scope:	eq	version:	19.0.0.241	Trust: 0.6

sources: ZDI: ZDI-15-658 // JVNDB: JVNDB-2015-006963 // CNNVD: CNNVD-201603-036 // NVD: CVE-2015-8654

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-8654
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-8654
value:	HIGH
Trust: 0.8
ZDI:	CVE-2015-8654
value:	MEDIUM
Trust: 0.7
CNNVD:	CNNVD-201603-036
value:	HIGH
Trust: 0.6
VULHUB:	VHN-86615
value:	HIGH
Trust: 0.1
VULMON:	CVE-2015-8654
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-8654
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
ZDI:	CVE-2015-8654
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
VULHUB:	VHN-86615
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-8654
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: ZDI: ZDI-15-658 // VULHUB: VHN-86615 // VULMON: CVE-2015-8654 // JVNDB: JVNDB-2015-006963 // CNNVD: CNNVD-201603-036 // NVD: CVE-2015-8654

PROBLEMTYPE DATA

problemtype:	CWE-787	Trust: 1.1
problemtype:	CWE-119	Trust: 0.9

sources: VULHUB: VHN-86615 // JVNDB: JVNDB-2015-006963 // NVD: CVE-2015-8654

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201603-036

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201603-036

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006963

PATCH

title:	APSB15-32	url:	https://helpx.adobe.com/security/products/flash-player/apsb15-32.html	Trust: 1.5
title:	APSB15-32	url:	https://helpx.adobe.com/jp/security/products/flash-player/apsb15-32.html	Trust: 0.8
title:	Google Chrome	url:	https://www.google.com/intl/ja/chrome/browser/features.html	Trust: 0.8
title:	Stable Channel Update	url:	http://googlechromereleases.blogspot.jp/2015/12/stable-channel-update_8.html	Trust: 0.8
title:	Stable Channel Update for Chrome OS	url:	http://googlechromereleases.blogspot.jp/2015/12/stable-channel-update-for-chrome-os_9.html	Trust: 0.8
title:	Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge (2755801)	url:	https://technet.microsoft.com/en-us/library/security/2755801	Trust: 0.8
title:	Internet Explorer および Microsoft Edge 上の Adobe Flash Player の脆弱性に対応する更新プログラム (2755801)	url:	https://technet.microsoft.com/ja-jp/library/security/2755801	Trust: 0.8
title:	アドビシステムズ社 Adobe Flash Player の脆弱性に関するお知らせ	url:	http://www.fmworld.net/biz/common/adobe/20151210f.html	Trust: 0.8
title:	Multiple Adobe Product Buffer Overflow Vulnerability Fix	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=60397	Trust: 0.6
title:	Red Hat: Critical: flash-plugin security update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20152593 - Security Advisory	Trust: 0.1
title:	CVE-Study	url:	https://github.com/thdusdl1219/CVE-Study	Trust: 0.1

sources: ZDI: ZDI-15-658 // VULMON: CVE-2015-8654 // JVNDB: JVNDB-2015-006963 // CNNVD: CNNVD-201603-036

EXTERNAL IDS

db:	NVD	id:	CVE-2015-8654	Trust: 3.3
db:	ZDI	id:	ZDI-15-658	Trust: 2.5
db:	BID	id:	84160	Trust: 1.8
db:	JVNDB	id:	JVNDB-2015-006963	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-3415	Trust: 0.7
db:	CNNVD	id:	CNNVD-201603-036	Trust: 0.7
db:	VULHUB	id:	VHN-86615	Trust: 0.1
db:	VULMON	id:	CVE-2015-8654	Trust: 0.1

sources: ZDI: ZDI-15-658 // VULHUB: VHN-86615 // VULMON: CVE-2015-8654 // JVNDB: JVNDB-2015-006963 // CNNVD: CNNVD-201603-036 // NVD: CVE-2015-8654

REFERENCES

url:	https://helpx.adobe.com/security/products/flash-player/apsb15-32.html	Trust: 2.5
url:	http://www.securityfocus.com/bid/84160	Trust: 1.8
url:	http://www.zerodayinitiative.com/advisories/zdi-15-658	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8654	Trust: 0.8
url:	https://www.ipa.go.jp/security/ciadr/vul/20151209-adobeflashplayer.html	Trust: 0.8
url:	https://www.jpcert.or.jp/at/2015/at150042.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-8654	Trust: 0.8
url:	https://www.npa.go.jp/cyberpolice/topics/?seq=17283	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/787.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2015:2593	Trust: 0.1
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=42571	Trust: 0.1

sources: ZDI: ZDI-15-658 // VULHUB: VHN-86615 // VULMON: CVE-2015-8654 // JVNDB: JVNDB-2015-006963 // CNNVD: CNNVD-201603-036 // NVD: CVE-2015-8654

CREDITS

AbdulAziz Hariri - HPE Zero Day Initiative

Trust: 0.7

sources: ZDI: ZDI-15-658

SOURCES

db:	ZDI	id:	ZDI-15-658
db:	VULHUB	id:	VHN-86615
db:	VULMON	id:	CVE-2015-8654
db:	JVNDB	id:	JVNDB-2015-006963
db:	CNNVD	id:	CNNVD-201603-036
db:	NVD	id:	CVE-2015-8654

LAST UPDATE DATE

2024-11-23T22:07:52.120000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-15-658	date:	2016-03-02T00:00:00
db:	VULHUB	id:	VHN-86615	date:	2023-01-30T00:00:00
db:	VULMON	id:	CVE-2015-8654	date:	2023-05-08T00:00:00
db:	JVNDB	id:	JVNDB-2015-006963	date:	2016-03-08T00:00:00
db:	CNNVD	id:	CNNVD-201603-036	date:	2023-02-01T00:00:00
db:	NVD	id:	CVE-2015-8654	date:	2024-11-21T02:38:54.220

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-15-658	date:	2016-03-02T00:00:00
db:	VULHUB	id:	VHN-86615	date:	2016-03-04T00:00:00
db:	VULMON	id:	CVE-2015-8654	date:	2016-03-04T00:00:00
db:	JVNDB	id:	JVNDB-2015-006963	date:	2016-03-08T00:00:00
db:	CNNVD	id:	CNNVD-201603-036	date:	2016-03-07T00:00:00
db:	NVD	id:	CVE-2015-8654	date:	2016-03-04T23:59:03.280