CVE-2015-0311
published 2015-01-23
CVE-2015-0311: Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on…
Priority P198 · critical · 9.8 CVSS 3.1
AV:N · AC:L · PR:N · UI:N · S:U · C:H · I:H · A:H
KEV · ITW · EXPLOIT · Ransomware
CISA Known Exploited Vulnerability · due 2022-05-04
Exploited in the wild
EPSS: 85.82% (99.7th percentile)
Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | flash_player | <= 11.2.202.438 | — |
| adobe | flash_player | <= 13.0.0.262 | — |
| adobe | flash_player | >= 14.0.0.125 < 16.0.0.287 | 16.0.0.287 |
| microsoft | internet_explorer | — | — |
| microsoft | internet_explorer | — | — |
| suse | linux_enterprise_desktop | — | — |
| suse | linux_enterprise_desktop | — | — |
| suse | linux_enterprise_workstation_extension | — | — |
Detection & IOCs (extracted from sources)
snort SIDs: 33271-33274, 33286
snort SIDs: 29066, 31332, 33182, 33183, 33184, 33185, 33186, 33187, 33188
- CVE-2015-0311 exploit delivered only to specific User Agents (Internet Explorer and Firefox on Windows 8 and below); Chrome-based or non-standard user agents are served different exploits — filter for non-Chrome UA strings receiving Flash content from Angler EK infrastructure.
- Angler EK used multi-tier subdomain infrastructure (~1800 landing/exploit subdomains + ~650 redirect subdomains) with algorithmically generated subdomain names (e.g. acfbbfhdahfeh.legitdomain.info) — detect high-entropy subdomain patterns resolving to the listed IPs.
- New CVE-2015-0311 variants had very low AV detection rates (1/57–3/57) at time of campaign; rely on network-based detection (IDS/NGFW) rather than AV alone for these hashes.
- Exploit delivered via drive-by-download (malvertising) targeting Internet Explorer and Firefox on Windows 8 and below — prioritize monitoring of these browser/OS combinations for Flash exploit activity.
- Domains used for exploitation were registered one day and used for only ~24 hours before rotation — short TTL/newly registered domains resolving to the listed IPs are a strong signal of Angler EK activity.
- The ~1800 exploit/landing-page domains and ~650 redirect domains are not statically listed in the report; only the backing IP addresses are provided. Block by IP rather than domain for coverage.
- The domain list for the earlier campaign (as of 1/23/2015) is referenced as an external link and not reproduced in the blog post; only the two associated IPs (46.105.251.7 & 94.23.247.180) are directly actionable.
- Snort SIDs 33271-33274 and 33286 (new variants campaign) and SIDs 29066, 31332, 33182-33188 (initial 0-day campaign) should be verified against the latest Snort/Defense Center ruleset as they may have been updated since publication.
CVSS provenance
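| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 9.8 | CRITICAL | — |
| vulncheck | — | 9.8 | CRITICAL | — |
| cisa | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |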
CISA
Adobe Flash Player Remote Code Execution Vulnerability
cisa·2022-04-13·CVSS 9.8
CVE-2015-0311 [CRITICAL] Adobe Flash Player Remote Code Execution Vulnerability
Vulnerability: Adobe Flash Player Remote Code Execution Vulnerability
Affected: Adobe Flash Player
Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code.
Required Action: The impacted product is end-of-life and should be disconnected if still in use.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2015-0311
Remediation Due Date: 2022-05-04
Red Hat
flash-plugin: multiple critical vulnerabilities (APSA15-01)(APSB15-03)
vendor_redhat·2015-01-26·CVSS 9.8
CVE-2015-0311 [CRITICAL] flash-plugin: multiple critical vulnerabilities (APSA15-01)(APSB15-03)
flash-plugin: multiple critical vulnerabilities (APSA15-01)(APSB15-03)
Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.
GHSA
GHSA-xvc3-rmmw-6hxp: Unspecified vulnerability in Adobe Flash Player through 13
ghsa_unreviewed·2022-05-17
CVE-2015-0311 [HIGH] GHSA-xvc3-rmmw-6hxp: Unspecified vulnerability in Adobe Flash Player through 13
Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.
OSV
CVE-2015-0311: Unspecified vulnerability in Adobe Flash Player through 13
osv·2015-01-23·CVSS 9.8
CVE-2015-0311 [CRITICAL] CVE-2015-0311: Unspecified vulnerability in Adobe Flash Player through 13
Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.
VulnCheck
Adobe Flash Player Remote Code Execution Vulnerability
vulncheck·2015·CVSS 9.8
CVE-2015-0311 [CRITICAL] Adobe Flash Player Remote Code Execution Vulnerability
Adobe Flash Player Remote Code Execution Vulnerability
Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code.
Affected: Adobe Flash Player
Required Action: The impacted product is end-of-life and should be disconnected if still in use.
Known Ransomware Campaign Use: Known
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cve.org/CVERecord?id=CVE-2015-0311; https://www.fireeye.com/blog/threat-research/2015/01/a_different_exploit.html; https://threatpost.com/cryptolocker-variant-coming-after-gamers/111611/; https://blog.talosintelligence.com/2015/04/threat-spotlight-teslacrypt-decrypt-it.html; https://dl.acm.org/doi/pdf/10.1145/3465481.3465758; https://www.cisa.gov/sites/defaul
No detection rules found.
Exploit-DB
Adobe Flash Player - ByteArray UncompressViaZlibVariant Use-After-Free (Metasploit)
exploitdb·2015-03-12
CVE-2015-0311 Adobe Flash Player - ByteArray UncompressViaZlibVariant Use-After-Free (Metasploit)
Adobe Flash Player - ByteArray UncompressViaZlibVariant Use-After-Free (Metasploit)
---
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 'Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free',
'Description' => %q{
This module exploits an use after free vulnerability in Adobe Flash Player. The
vulnerability occurs in the ByteArray::UncompressViaZlibVariant method, when trying
to uncompress() a malformed byte stream. This module has been tested successfully
on Windows 7 SP1 (32 bits), IE 8 to IE 11 and Flash 16.0.0.287, 16.0.0.257 and
16.0.0.235.
},
'License' => MSF_LICENSE,
'Author' =>
[
'Unknown', # Vulnerability discovery and exploit in the wild
Metasploit
Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free
metasploit
Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free
Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free
This module exploits a use after free vulnerability in Adobe Flash Player. The vulnerability occurs in the ByteArray::UncompressViaZlibVariant method, when trying to uncompress() a malformed byte stream. This module has been tested successfully on:
* Windows 7 SP1 (32 bits), IE 8 to IE 11 and Flash 16.0.0.287, 16.0.0.257 and 16.0.0.235.
* Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 16.0.0.287.
* Windows 8.1, Firefox 38.0.5 and Adobe Flash 16.0.0.305.
* Linux Mint "Rebecca" (32 bits), Firefox 33.0 and Flash 11.2.202.424.
Unit42
The Latest Flash UAF Vulnerabilities in Exploit Kits
blogs_unit42·2015-05-28
The Latest Flash UAF Vulnerabilities in Exploit Kits
## The Latest Flash UAF Vulnerabilities in Exploit Kits
Tao Yan
Published: May 28, 2015
Threat Research
Vulnerabilities
Adobe Flash
ByteArray
Flash UAF
### Introduction
Recently, several popular exploit kits, including Angler, Flash EK, SweetOrange, Fiesta and Neutrino [1], have included several use-after-free (UAF) vulnerabilities in Adobe Flash to exploit victims’ browsers. Previously, these exploit kits typically used out-of-bounds access (OBA) vulnerabilities in Adobe Flash, as these types of vulnerabilities can be exploited universally and stably [2], and require less effort to exploit compared to UAF vulnerabilities. In order to detect these newly added UAF vulnerabilities, we analyzed the code found in the exploit kits to determine which vulnerabilities are present and how they are exploited.
### Obfuscation in exploit kits
To determine the vulnerabilities within each exploit kit, we first had to overcome the various obfuscation
Talos
Threat Spotlight: TeslaCrypt - Decrypt It Yourself
blogs_talos·2015-04-27
Threat Spotlight: TeslaCrypt - Decrypt It Yourself
This post was authored by: Andrea Allievi, Earl Carter & Emmanuel Tacheau
Update 4/28: Windows files recompiled with backward compatibility in Visual Studio 2008
Update 5/8: We've made the source code available via Github here
After the takedown of Cryptolocker, we have seen the rise of Cryptowall. Cryptowall 2 introduced “features” such as advanced anti-debugging techniques, only to have many of those features removed in Cryptowall 3. Ransomware is becoming an extremely lucrative business, leading to many variants and campaigns targeting even localized regions in their own specific languages. Although it is possible that these multiple variants are sponsored by the same threat actor, the most likely conclusion is that multiple threat actors are jumping in to claim a portion of an ever
Talos
Angler Exploit Kit - New Variants
blogs_talos·2015-02-03·CVSS 9.8
CVE-2015-0311 [CRITICAL] Angler Exploit Kit - New Variants
This post was authored by Nick Biasini
On January 27th, Talos researchers began observing a new Angler Exploit Kit (EK) campaign using new variants associated with (CVE-2015-0311). Based on our telemetry data the campaign lasted from January 26th until January 30th with the majority of the events occurring on January 28th & 29th.
Researchers detected the new campaign when referencing a known hash that was delivering the recent Flash 0-day (CVE-2015-0311). During this investigation several layers of subdomains are being used to avoid detection. As of the writing of this blog ~1800 domains have been seen being used by the following IP addresses:
- 85.25.107.126
- 207.182.149.14
- 178.32.131.248
- 178.32.131.185
- 85.25.107.127
These domains are associated with the landing page and exploit
Qualys
February 0-day for Adobe Flash - Update 2 | Qualys
blogs_qualys·2015-02-02·CVSS 9.8
CVE-2015-0313 [CRITICAL] February 0-day for Adobe Flash - Update 2 | Qualys
Update2: The patch rollout for CVE-2015-0313 has begun. First Adobe Flash autoupdaters, then later the downloadable package plus Chrome and IE.
Update: More evidence on the 0-day (CVE-2015-0313) in the latest Adobe Flash. Trend now believes that it is the Hanjuan Exploit Kit, not Angler that is actively using the 0-day. In addition their testing has shown that the exploit is unable to escape the Google Chrome Sandbox, so Flash running under Google Chrome is still safe. This is actually good news and similar to the last 0-day CVE-2015-0311. Cisco’s Talos group meanwhile reports on further variants of CVE-2015-0311 and their telemetry gives an idea of the spread of the attack that uses an ad network.
Adobe will patch the 0-day this week.
Original: After Adobe fixed two 0-days (APSB15-02 a
Talos
Flash 0-day Exploited by Angler Exploit Kit
blogs_talos·2015-01-23·CVSS 8.8
CVE-2014-8439 [HIGH] Flash 0-day Exploited by Angler Exploit Kit
This post was authored by Nick Biasini, Earl Carter and Jaeson Schultz
Flash has long been a favorite target among Exploit Kits (EK). In October 2014 the Angler EK was believed to be targeting a new Flash vulnerability. The bug that the Angler exploit kit was attempting to exploit had been “accidentally” patched by Adobe’s APSB14-22 update. According to F-Secure, the vulnerability that Angler was actually attempting to exploit was an entirely new bug, CVE-2014-8439. The bug was severe enough that Adobe fixed it out-of-band.
Fast forward to January 2015. With the emergence of this new Flash 0-day bug, we have more evidence that the Angler Exploit Kit developers are actively working on discovering fresh bugs in Flash for themselves. The group is incorporating these exploits into the Angler
Qualys
New 0-day vulnerability in Adobe Flash - Update 5 | Qualys
blogs_qualys·2015-01-21·CVSS 7.8
CVE-2015-0311 [HIGH] New 0-day vulnerability in Adobe Flash - Update 5 | Qualys
Update: Adobe has published a new version of the Flash player (16.0.0.296) that addresses CVE-2015-0311. At the moment only users of the automated Adobe Update service are getting the update. You can go into your control panel and perform a manual update to see the version and trigger a manual update if necessary:
So that means that at the moment my Safari browser is the tool of choice to use. Google Chrome and Internet Explorer use their own update mechanism, which is normally an advantage as they tend to be fast and convenient, but have not gotten their automated updates yet. You can check on the version of your Flash plugin here at the official Adobe page. A downloadable standalone update (APSB15-03) suitable for enterprise patch management systems is expected next week. If you decide not t
Recorded Future
The History of Ashiyane: Iran’s First Security Forum
blogs_recorded_future
The History of Ashiyane: Iran’s First Security Forum
# The History of Ashiyane: Iran’s First Security Forum
*Scope Note: Recorded Future conducted research on the evolution of Ashiyane Forum, the first and largest security forum in Iran. Sources of this research include the Recorded Future® Platform, direct forum interaction, open source research, and interviews with a former Iranian hacker who claims firsthand knowledge of Iran’s security forums.*
This report will be of greatest interest to organizations seeking to understand the rapidly changing criminal and state-sponsored cyber threats emerging from Iran to better protect their organizations.
## Executive Summary
In a previous report , Insikt Group documented the relationship between the Iranian government, contractors used for offensive cyber operations, and the trust communities that begin with Iranian security forums. This report further explores the historical links between Iran’s primary security forum, Ashiyane Forum, and the Iranian government. Recorded Future observed forum posts from over 20,000 Ashiyane Forum members and found a trend in Iranian hacker migration following Ashiyane Forum’s shutdown in August 2018
Bugzilla
CVE-2015-0311 CVE-2015-0312 flash-plugin: multiple critical vulnerabilities (APSA15-01)(APSB15-03)
bugzilla·2015-01-23·CVSS 9.8
CVE-2015-0311 [CRITICAL] CVE-2015-0311 CVE-2015-0312 flash-plugin: multiple critical vulnerabilities (APSA15-01)(APSB15-03)
CVE-2015-0311 CVE-2015-0312 flash-plugin: multiple critical vulnerabilities (APSA15-01)(APSB15-03)
The following flaw has been fixed in Adobe Flash Player 11.2.202.440:
* These updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2015-0311).
* These updates resolve a double-free vulnerability that could lead to code execution (CVE-2015-0312).
External References:
https://helpx.adobe.com/security/products/flash-player/apsa15-01.html
https://helpx.adobe.com/security/products/flash-player/apsb15-03.html
Discussion:
This issue has been addressed in the following products:
Supplementary for Red Hat Enterprise Linux 5
Supplementary for Red Hat Enterprise Linux 6
Via RHSA-2015:0094 https://rhn.redhat.com/errata/RHSA-2015-0094.html
Bugzilla
(CVE-2015-0311) Blocklist request for flash 0days affecting version 16.0.0.287, 13.0.0.262, and 11.2.202.438
bugzilla·2015-01-22·CVSS 7.8
CVE-2015-0311 [HIGH] (CVE-2015-0311) Blocklist request for flash 0days affecting version 16.0.0.287, 13.0.0.262, and 11.2.202.438
(CVE-2015-0311) Blocklist request for flash 0days affecting version 16.0.0.287, 13.0.0.262, and 11.2.202.438
A 0-day was found in Flash according to https://blog.malwarebytes.org/exploits-2/2015/01/new-adobe-flash-zero-day-found-in-the-wild/ and an update to version 16.0.0.287 was apparently done today.
So I guess we need to blocklist older versions of Flash due to the 0-day, like version 16.0.0.257.
Note: if we do the blocklist, could this be coordinated with schalk (:espressive) so we don't melt plugincheck again like last time when there was a Flash 0-day? :)
Discussion:
Is there a CVE or other post that details which versions of Flash are affected?
---
Details:
https://helpx.adobe.com/security/products/flash-player/apsb15-02.html
This fixes _a_ bug that was exploited in the wild (CV
- http://helpx.adobe.com/security/products/flash-player/apsa15-01.html
- http://helpx.adobe.com/security/products/flash-player/apsb15-03.html
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00031.html
- http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html
- http://secunia.com/advisories/62432
- http://secunia.com/advisories/62543
- http://secunia.com/advisories/62650
- http://secunia.com/advisories/62660
- http://secunia.com/advisories/62740
- http://security.gentoo.org/glsa/glsa-201502-02.xml
- http://www.securityfocus.com/bid/72283
- http://www.securitytracker.com/id/1031597
- https://technet.microsoft.com/library/security/2755801
- https://github.com/cisagov/vulnrichment/issues/196
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-0311
2015-01-23: Published
2022-04-13: Added to CISA KEV
Exploited in the wild