PT-2015-1171 · Adobe+3 · Flash Player+3

Published

2015-01-22

·

Updated

2025-11-17

·

CVE-2015-0310

CVSS v3.1

10

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions prior to 13.0.0.262 Adobe Flash Player versions 14.x through 16.x before 16.0.0.287 on Windows and OS X Adobe Flash Player versions prior to 11.2.202.438 on Linux
Description The issue is due to a memory handling error, allowing attackers to bypass the ASLR protection mechanism on Windows and have an unspecified impact on other platforms. This can be exploited by remote attackers to bypass access restrictions for further attacks. The issue was exploited in the wild in January 2015.
Recommendations For Adobe Flash Player versions prior to 13.0.0.262, update to version 13.0.0.262 or later. For Adobe Flash Player versions 14.x through 16.x before 16.0.0.287 on Windows and OS X, update to version 16.0.0.287 or later. For Adobe Flash Player versions prior to 11.2.202.438 on Linux, update to version 11.2.202.438 or later.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-264

Related Identifiers

ALT-PU-2015-1076
BDU:2015-10058
BDU:2015-10059
CVE-2015-0310
OPENSUSE-SU-2015_0110-1
OPENSUSE-SU-2015_0174-1
RHSA-2015:0094
RHSA-2015_0094
SUSE-SU-2015_0129-1
SUSE-SU-2015_0135-1

Affected Products

Alt Linux
Flash Player
Red Hat
Suse