PT-2015-1007 · Adobe · Flash Player

Kafeine · Published 2015-01-22 · Updated 2025-11-17 · CVE-2015-0311

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Adobe Flash Player versions prior to 13.0.0.263
Adobe Flash Player versions 14.x through 16.x prior to 16.0.0.288
Adobe Flash Player version 11.2.202.438 and earlier on Linux

Description

The issue is related to a use-after-free vulnerability in the ByteArray::UncompressViaZlibVariant() function, allowing a remote attacker to execute arbitrary code or cause a denial of service via a specially crafted SWF file. This vulnerability has been exploited in the wild, with reports of its use in January 2015.

Recommendations

For Adobe Flash Player versions prior to 13.0.0.263, update to version 13.0.0.263 or later.
For Adobe Flash Player versions 14.x through 16.x prior to 16.0.0.288, update to version 16.0.0.288 or later.
For Adobe Flash Player version 11.2.202.438 and earlier on Linux, update to a version later than 11.2.202.438.

Exploit

Fix

Weakness Enumeration

Use After Free

Related Identifiers

ALT-PU-2015-1076
ALT-PU-2015-1103
BDU:2015-09810
BDU:2015-09811
BDU:2015-10322
CVE-2015-0311
MGASA-2015-0043
OPENSUSE-SU-2015_0150-1
OPENSUSE-SU-2015_0174-1
RHSA-2015:0094
RHSA-2015_0094
SUSE-SU-2015_0151-1
SUSE-SU-2015_0163-1

Affected Products

Alt Linux
Flash Player
Red Hat
Suse