fkie_nvd - fkie_cve-2015-5584

fkie_cve-2015-5584

Vulnerability from fkie_nvd

Published

2015-09-22 10:59

Modified

2024-11-21 02:33

Severity ?

Summary

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, and CVE-2015-6682.

References

URL	Tags
psirt@adobe.com	http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html
psirt@adobe.com	http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html
psirt@adobe.com	http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html
psirt@adobe.com	http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html
psirt@adobe.com	http://rhn.redhat.com/errata/RHSA-2015-1814.html
psirt@adobe.com	http://www.securityfocus.com/bid/76795
psirt@adobe.com	http://www.securitytracker.com/id/1033629
psirt@adobe.com	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841
psirt@adobe.com	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
psirt@adobe.com	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
psirt@adobe.com	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
psirt@adobe.com	https://helpx.adobe.com/security/products/flash-player/apsb15-23.html	Patch, Vendor Advisory
psirt@adobe.com	https://security.gentoo.org/glsa/201509-07
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-1814.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/76795
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1033629
af854a3a-2127-422b-91ae-364da2661108	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841
af854a3a-2127-422b-91ae-364da2661108	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
af854a3a-2127-422b-91ae-364da2661108	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
af854a3a-2127-422b-91ae-364da2661108	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
af854a3a-2127-422b-91ae-364da2661108	https://helpx.adobe.com/security/products/flash-player/apsb15-23.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201509-07

Impacted products

Vendor	Product	Version
adobe	flash_player	*
adobe	flash_player	14.0.0.125
adobe	flash_player	14.0.0.145
adobe	flash_player	14.0.0.176
adobe	flash_player	14.0.0.179
adobe	flash_player	15.0.0.152
adobe	flash_player	15.0.0.167
adobe	flash_player	15.0.0.189
adobe	flash_player	15.0.0.223
adobe	flash_player	15.0.0.239
adobe	flash_player	15.0.0.246
adobe	flash_player	16.0.0.235
adobe	flash_player	16.0.0.257
adobe	flash_player	16.0.0.287
adobe	flash_player	16.0.0.296
adobe	flash_player	17.0.0.134
adobe	flash_player	17.0.0.169
adobe	flash_player	17.0.0.188
adobe	flash_player	17.0.0.190
adobe	flash_player	17.0.0.191
adobe	flash_player	18.0.0.160
adobe	flash_player	18.0.0.194
adobe	flash_player	18.0.0.203
adobe	flash_player	18.0.0.209
adobe	flash_player	18.0.0.232
apple	mac_os_x	-
microsoft	windows	-
adobe	flash_player	*
linux	linux_kernel	-
adobe	air	*
google	android	*
adobe	air	*
adobe	air_sdk	*
adobe	air_sdk_\&_compiler	*
apple	mac_os_x	-
microsoft	windows	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E515D4-87A7-4CB5-8C91-0A95BE8F283B",
              "versionEndIncluding": "13.0.0.289",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5D7202D-56DF-400B-9F09-E7D9938222D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D4F0D21-A64B-46C1-9591-96529661DF0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*",
              "matchCriteriaId": "86961019-3B81-458E-949F-A2F006EA55FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*",
              "matchCriteriaId": "25895BE9-71FD-4DE7-90FC-0199470A8738",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D55A950-7D48-413C-AD43-6AC64FBE790C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1A22B74-453D-4A8A-B79A-2B3143A0D995",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FE4B077-67D1-4B25-976E-715FB6B2A1D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFC91B68-6B35-47BD-BC02-3F836E772CF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3BE6004-C30A-46E2-9F25-785E12BBF640",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFE8E51F-7A32-41A4-B03A-73E52EB64C04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E13E927-A77C-4681-AFDE-A5A14093234D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*",
              "matchCriteriaId": "27629FF0-5EB9-476F-B5B3-115F663AB65E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0AB583F-3EBD-47B6-975E-7754CC32CCA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*",
              "matchCriteriaId": "B58DE1A9-0510-4B65-AB18-75F9263A7818",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BC4FAD0-4A54-4EDF-BE39-28138B34E719",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE1FBC20-3DE6-4426-9E97-42AFCEF8CEE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:17.0.0.188:*:*:*:*:*:*:*",
              "matchCriteriaId": "40EF2221-DE87-4D8F-B92D-8FD21EEBEABA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:17.0.0.190:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DF6FE30-4B7A-49EB-8571-C2C6E6F8F10C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:17.0.0.191:*:*:*:*:*:*:*",
              "matchCriteriaId": "907BA8C1-3C18-420B-A607-1798C72C28A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:18.0.0.160:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B8349AC-871D-4320-B361-D5877CD4DDC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:18.0.0.194:*:*:*:*:*:*:*",
              "matchCriteriaId": "950A7A0E-8241-430A-BA17-49C650079DCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:18.0.0.203:*:*:*:*:*:*:*",
              "matchCriteriaId": "B73C55A2-A88A-4245-820F-0DEAC707A40D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:18.0.0.209:*:*:*:*:*:*:*",
              "matchCriteriaId": "E60B5CBA-1ADB-4577-AF7C-687F08E0DC58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:18.0.0.232:*:*:*:*:*:*:*",
              "matchCriteriaId": "7400BCB7-3C83-4995-BEC2-9D32367D9EC0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "40C5B719-043A-45CB-A00E-34FE19F32AE6",
              "versionEndIncluding": "11.2.202.508",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "990E3AB4-FAD2-476D-AFFE-9D0E070BA588",
              "versionEndIncluding": "18.0.0.143",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8255F035-04C8-4158-B301-82101711939C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E6ADB5A-7C12-4CED-89DA-DACFD2D842A8",
              "versionEndIncluding": "18.0.0.199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DAE3C44-B900-4F9D-84E1-17FA67587210",
              "versionEndIncluding": "18.0.0.199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:adobe:air_sdk_\\\u0026_compiler:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5E0EBC1-529C-40F7-864F-E08F6D5FFBAD",
              "versionEndIncluding": "18.0.0.180",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK \u0026 Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, and CVE-2015-6682."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n de memoria en Adobe Flash Player en versiones anteriores a 18.0.0.241 y 19.x en versiones anteriores a 19.0.0.185 en Windows y OS X y en versiones anteriores a 11.2.202.521 en Linux, Adobe AIR en versiones anteriores a 19.0.0.190, Adobe AIR SDK en versiones anteriores a 19.0.0.190 y Adobe AIR SDK \u0026 Compiler en versiones anteriores a 19.0.0.190, permite a atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados, una vulnerabilidad diferente a CVE-2015-5570, CVE-2015-5574, CVE-2015-5581 y CVE-2015-6682."
    }
  ],
  "evaluatorComment": "\u003ca href=\"http://cwe.mitre.org/data/definitions/416.html\"\u003eCWE-416: Use After Free\u003c/a\u003e",
  "id": "CVE-2015-5584",
  "lastModified": "2024-11-21T02:33:20.437",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-09-22T10:59:15.530",
  "references": [
    {
      "source": "psirt@adobe.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1814.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securityfocus.com/bid/76795"
    },
    {
      "source": "psirt@adobe.com",
      "url": "http://www.securitytracker.com/id/1033629"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
    },
    {
      "source": "psirt@adobe.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html"
    },
    {
      "source": "psirt@adobe.com",
      "url": "https://security.gentoo.org/glsa/201509-07"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1814.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/76795"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1033629"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201509-07"
    }
  ],
  "sourceIdentifier": "psirt@adobe.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2015-5584

Vulnerability from cvelistv5

Published

2015-09-22 10:00

Modified

2024-08-06 06:50