⚠ Actively exploited

Added to CISA KEV on 2022-04-13. Federal agencies required to patch by 2022-05-04. Required action: The impacted product is end-of-life and should be disconnected if still in use..

CVE-2015-0311 — Adobe Flash Player vulnerability

15 documents11 sources

Severity

9.8CRITICALNVD

EPSS

92.8%

top 0.24%

CISA KEV

KEV

Added 2022-04-13

Due 2022-05-04

Exploit

Exploited in wild

Active exploitation observed

Affected products

Adobe Flash Player Microsoft Internet Explorer Suse Linux Enterprise Desktop +1 more

Timeline

PublishedJan 23

KEV addedApr 13

KEV dueMay 4

Latest updateMay 17

CISA Required Action: The impacted product is end-of-life and should be disconnected if still in use.

Description

Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDadobe/flash_player14.0.0.125 — 16.0.0.287+2

▶NVDsuse/linux_enterprise_desktop11, 12+1

▶NVDsuse/linux_enterprise_workstation_extension12

▶NVDmicrosoft/internet_explorer10, 11+1

Patches

Patch: technet.microsoft.com ↗Patch: technet.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-xvc3-rmmw-6hxp: Unspecified vulnerability in Adobe Flash Player through 13↗2022-05-17

▶

CVEList

CVE-2015-0311: Unspecified vulnerability in Adobe Flash Player through 13↗2015-01-23

▶

OSV

CVE-2015-0311: Unspecified vulnerability in Adobe Flash Player through 13↗2015-01-23

▶

VulnCheck

Adobe Flash Player Remote Code Execution Vulnerability↗2015

▶

💥Exploits & PoCs

Exploit-DB

Adobe Flash Player - ByteArray UncompressViaZlibVariant Use-After-Free (Metasploit)↗2015-03-12

▶

📋Vendor Advisories

CISA

Adobe Flash Player Remote Code Execution Vulnerability↗2022-04-13

▶

Red Hat

flash-plugin: multiple critical vulnerabilities (APSA15-01)(APSB15-03)↗2015-01-26

▶

🕵️Threat Intelligence

Talos

Angler Exploit Kit - New Variants↗2015-02-03

▶

Talos

Angler Exploit Kit - New Variants↗2015-02-03

▶

Qualys

February 0-day for Adobe Flash - Update 2 | Qualys↗2015-02-02

▶

Qualys

February 0-day for Adobe Flash - Update 2 | Qualys↗2015-02-02

▶

Qualys

New 0-day vulnerability in Adobe Flash - Update 5 | Qualys↗2015-01-21

▶

💬Community

Bugzilla

CVE-2015-0311 CVE-2015-0312 flash-plugin: multiple critical vulnerabilities (APSA15-01)(APSB15-03)↗2015-01-23

▶

Bugzilla

(CVE-2015-0311) Blocklist request for flash 0days affecting version 16.0.0.287, 13.0.0.262, and 11.2.202.438↗2015-01-22

▶