CVE-2015-0318
Published: 2015-02-06
Priority: P2 · Severity: critical · CVSS 2.0 base score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploit: public exploit available (Metasploit module, see below) · EPSS: 75.78% (99.5th percentile)
Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0316, CVE-2015-0321, CVE-2015-0329, and CVE-2015-0330.
Affected
16 ranges recorded, of which only two carry version data on this page. Fixed-in versions are taken from the CVE description above (13.0.0.269 for the 13.x branch, 16.0.0.305 for 14.x through 16.x, 11.2.202.442 for Linux).
| Vendor | Product | Platform | Version range | Fixed in |
|---|---|---|---|---|
| adobe | flash_player | Windows, OS X | <= 13.0.0.264 (before 13.0.0.269) | 13.0.0.269 |
| adobe | flash_player | Windows, OS X | 14.x through 16.x before 16.0.0.305 | 16.0.0.305 |
| adobe | flash_player | Linux | <= 11.2.202.440 (before 11.2.202.442) | 11.2.202.442 |
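An inventory check built from the version ranges in the CVE description. This is an added example, not part of the advisory or of any Adobe or Metasploit tooling; the platform split and the reading of "before 13.0.0.269" as covering every older Windows/OS X build are the author's interpretation of the CVE text, and the hosts in the sample inventory are constructed.

```python
"""Version-range triage for CVE-2015-0318 (added example, derived from the NVD text).

Reading of the CVE description used here (an assumption, stated in the lead-in):
  Windows / OS X : vulnerable before 13.0.0.269, and 14.x through 16.x before 16.0.0.305
  Linux          : vulnerable before 11.2.202.442
"""


def parse_version(s: str) -> tuple:
    """Turn '16.0.0.235' into (16, 0, 0, 235); missing trailing fields become 0."""
    parts = [int(p) for p in s.strip().split(".")]
    if not 1 <= len(parts) <= 4 or any(p < 0 for p in parts):
        raise ValueError(f"bad Flash version string: {s!r}")
    return tuple(parts + [0] * (4 - len(parts)))


FIXED_13 = parse_version("13.0.0.269")       # fix for the 13.x branch
FIXED_16 = parse_version("16.0.0.305")       # fix for the 14.x-16.x branch
FIXED_LINUX = parse_version("11.2.202.442")  # fix for the Linux 11.2 branch


def is_vulnerable(version: str, platform: str) -> bool:
    """True if this Flash Player build falls in a range the CVE lists as affected.

    platform: 'windows', 'osx' or 'linux' (case-insensitive).
    """
    v = parse_version(version)
    p = platform.lower()
    if p == "linux":
        return v < FIXED_LINUX
    if p not in ("windows", "osx"):
        raise ValueError(f"unknown platform: {platform!r}")
    major = v[0]
    if major <= 13:
        # "before 13.0.0.269": 13.x builds below the fix and every older branch
        return v < FIXED_13
    if 14 <= major <= 16:
        # "14.x through 16.x before 16.0.0.305": all of 14.x and 15.x, 16.x below the fix
        return v < FIXED_16
    return False  # 17.0 and later are outside the listed ranges


def triage(inventory):
    """inventory: iterable of (host, version, platform); returns the affected rows."""
    return [(host, ver, plat) for host, ver, plat in inventory if is_vulnerable(ver, plat)]


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = [
        ("ws-01", "16.0.0.235", "windows"),   # the build the Metasploit module targets
        ("ws-02", "16.0.0.305", "windows"),   # patched
        ("mac-01", "13.0.0.264", "osx"),      # last 13.x build before the fix
        ("lx-01", "11.2.202.440", "linux"),   # last Linux build before the fix
        ("lx-02", "11.2.202.442", "linux"),   # patched
        ("ws-03", "15.0.0.223", "windows"),   # 15.x sits inside "14.x through 16.x"
    ]
    for row in triage(sample):
        print("VULNERABLE", *row)
```

The comparison is done on four-field tuples rather than on the version string, so "16.0.0.235" sorts below "16.0.0.305" and "11.2.202.440" below "11.2.202.442" as intended; the Linux branch is handled separately because its numbering (11.2.202.x) would otherwise be compared against the Windows 13.x fix.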
Detection & IOCs (extracted from the sources linked on this page)
- The exploit delivers a SWF file over HTTP with Content-Type 'application/x-shockwave-flash' and a 'Pragma: no-cache' header. On its own this header combination is common for benign SWF content; treat it as a weak signal to be combined with the embed and version indicators below.
- The exploit targets Adobe Flash Player version exactly 16.0.0.235 on Windows 7 via Internet Explorer; detections should flag this Flash version loading SWF content from untrusted sources.
- The exploit HTML template embeds a SWF with 'allowScriptAccess=always' and passes a base64-encoded PowerShell payload via the FlashVars 'sh' parameter; monitor for Flash objects with these attributes in HTML. This is the strongest host-independent indicator on the page.
- The vulnerability is a compilation logic error in Flash's PCRE engine in the handling of the \c escape sequence when followed by a multi-byte UTF-8 character, enabling arbitrary PCRE bytecode execution inside Flash; inspect SWF files for RegExp patterns containing \c followed by a multi-byte UTF-8 character.
- The Metasploit module serves a randomly named .swf file (rand_text_alpha) from the same exploit URI; look for HTML pages that embed a dynamically named .swf alongside base64-encoded FlashVars content.
- Caveat: the Metasploit module explicitly restricts exploitation to Flash version 16.0.0.235, although other versions are vulnerable; broader version coverage requires additional validation.
- Caveat: the module targets Windows 7 with Internet Explorer exclusively; other OS/browser combinations (including Linux and OS X) are listed as vulnerable in the CVE but are not covered by this exploit module.
- Caveat: the payload space is limited to 1024 bytes with NOP insertion disabled; staged or larger payloads may not function correctly with this exploit.
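A scanner for the two delivery indicators listed above: the SWF response header combination, and an HTML embed with allowScriptAccess=always plus a base64 'sh' FlashVar. This is an added example and not code from the page, from Adobe or from the Metasploit module; the header names and attribute names come from the IOC list, while the sample HTML, the random-looking SWF filename, the SWF response and the decoded payload string are constructed for the demonstration.

```python
"""Scan captured HTTP traffic for the CVE-2015-0318 delivery pattern (added example)."""
import base64
import binascii
from html.parser import HTMLParser
from urllib.parse import parse_qs


class FlashEmbedParser(HTMLParser):
    """Collect <object>/<embed> Flash embeds with their effective attributes.

    <object> carries its settings as child <param name=.. value=..> tags;
    <embed> carries them as attributes. Keys are normalised to lower case.
    """

    def __init__(self):
        super().__init__()
        self.embeds = []       # one dict per <object> or <embed>
        self._current = None   # attributes of the <object> being built

    def handle_starttag(self, tag, attrs):
        attrs = {k.lower(): (v or "") for k, v in attrs}
        if tag == "object":
            self._current = dict(attrs)
        elif tag == "param" and self._current is not None:
            self._current[attrs.get("name", "").lower()] = attrs.get("value", "")
        elif tag == "embed":
            self.embeds.append(attrs)

    def handle_endtag(self, tag):
        if tag == "object" and self._current is not None:
            self.embeds.append(self._current)
            self._current = None


def decode_sh_flashvar(flashvars: str):
    """Return the decoded 'sh' FlashVar as text, or None if absent or not valid base64."""
    sh = parse_qs(flashvars).get("sh", [None])[0]
    if not sh:
        return None
    sh = sh.replace(" ", "+")  # parse_qs turns '+' into ' '; base64 never contains spaces
    try:
        return base64.b64decode(sh, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None


def scan_html(html: str):
    """Return findings for Flash embeds that combine allowScriptAccess=always with a base64 'sh' FlashVar."""
    parser = FlashEmbedParser()
    parser.feed(html)
    findings = []
    for emb in parser.embeds:
        script_access = emb.get("allowscriptaccess", "").lower() == "always"
        payload = decode_sh_flashvar(emb.get("flashvars", ""))
        if script_access and payload is not None:
            findings.append({
                "swf": emb.get("src") or emb.get("movie") or emb.get("data", ""),
                "sh_decoded": payload,
            })
    return findings


def scan_response(headers: dict, body: bytes) -> bool:
    """Flag the SWF response header combination from the IOC list (weak signal on its own)."""
    h = {k.lower(): v for k, v in headers.items()}
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    no_cache = h.get("pragma", "").strip().lower() == "no-cache"
    is_swf = body[:3] in (b"FWS", b"CWS", b"ZWS")  # uncompressed / zlib / LZMA SWF magic
    return ctype == "application/x-shockwave-flash" and no_cache and is_swf


# --- Constructed sample traffic (not real captures) ---------------------------
SAMPLE_PAYLOAD = b'powershell -nop -c "calc.exe"'          # harmless stand-in payload
SAMPLE_SH = base64.b64encode(SAMPLE_PAYLOAD).decode("ascii")
SAMPLE_HTML = f"""<html><body>
<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" width="1" height="1">
  <param name="movie" value="/exploit/QwErTyUi.swf">
  <param name="allowScriptAccess" value="always">
  <param name="FlashVars" value="sh={SAMPLE_SH}">
  <embed src="/exploit/QwErTyUi.swf" allowScriptAccess="always"
         FlashVars="sh={SAMPLE_SH}" width="1" height="1">
</object>
<embed src="/static/player.swf" allowScriptAccess="sameDomain" FlashVars="autoplay=1">
</body></html>"""
SAMPLE_SWF_HEADERS = {"Content-Type": "application/x-shockwave-flash", "Pragma": "no-cache"}
SAMPLE_SWF_BODY = b"CWS\x0f" + b"\x00" * 16   # zlib-compressed SWF magic plus padding

if __name__ == "__main__":
    for f in scan_html(SAMPLE_HTML):
        print("suspicious embed:", f["swf"], "->", f["sh_decoded"])
    print("swf header IOC:", scan_response(SAMPLE_SWF_HEADERS, SAMPLE_SWF_BODY))
```

The embed check is deliberately stricter than the header check: it requires both the allowScriptAccess=always setting and an 'sh' FlashVar that actually decodes as base64, so ordinary video players with their own FlashVars (the second embed in the sample) are not reported. The header check only confirms that a real SWF (by magic bytes) was served with Pragma: no-cache; pair it with the embed finding or the 16.0.0.235 version indicator before alerting.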
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 10.0 | CRITICAL | — |
| vendor_redhat | — | 10.0 | CRITICAL | — |
Related advisories (GHSA and OSV)
The twelve entries below all carry the NVD description given above; each names the other five CVEs as "a different vulnerability than" itself. The GHSA entries are ghsa_unreviewed and dated 2022-05-17; the OSV entries are dated 2015-02-06. All are rated CVSS 10.0 CRITICAL.
| Source | Advisory | CVE |
|---|---|---|
| GHSA | GHSA-mpr3-3rvw-34fm | CVE-2015-0321 |
| GHSA | GHSA-vc44-hgc6-fwjh | CVE-2015-0318 (this CVE) |
| GHSA | GHSA-j95f-27mc-m626 | CVE-2015-0316 |
| GHSA | GHSA-x6rp-xp9w-qxcr | CVE-2015-0314 |
| GHSA | GHSA-2m4h-74g6-655h | CVE-2015-0329 |
| GHSA | GHSA-27gx-7jvx-fj3g | CVE-2015-0330 |
| OSV | CVE-2015-0314 | CVE-2015-0314 |
| OSV | CVE-2015-0318 | CVE-2015-0318 (this CVE) |
| OSV | CVE-2015-0329 | CVE-2015-0329 |
| OSV | CVE-2015-0330 | CVE-2015-0330 |
| OSV | CVE-2015-0321 | CVE-2015-0321 |
| OSV | CVE-2015-0316 | CVE-2015-0316 |
Project Zero
(^Exploiting)\s*(CVE-2015-0318)\s*(in)\s*(Flash$) - Project Zero
project_zero · 2015-02-01 · CVSS 10.0 · CVE-2015-0318 [CRITICAL]
Posted by Mark Brand, Irregular Expressionist
So; issue 199/PSIRT-3161/CVE-2015-0318. Quick summary - it’s a bug in the PCRE regex engine as used in Flash. (Note that the published version of the avmplus code is significantly out of date; there are a number of other vulnerabilities present that have already been fixed by Adobe; so auditing it can be a little frustrating!).
Spoiler: it’s exploitable. Grab the exploit from the issues page and read along.
So, for a little bit of background - PCRE is the regular expression library used in Flash to back their implementation of the RegExp object. PCRE is a complex library, that supports several different operating modes, including a JIT. However, the mode that is used by Flash is one in which the regex string is parsed and compiled to an i
Red Hat
flash-plugin: multiple code execution flaws (APSB15-04)
vendor_redhat · 2015-02-04 · CVSS 10.0 CRITICAL
One Red Hat entry under this title exists for each of CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329 and CVE-2015-0330; each repeats the NVD description given above and names the other five as distinct vulnerabilities. The corresponding erratum is RHSA-2015-0140 (linked in the references below).
No detection rules found.
Exploit-DB
Adobe Flash Player - PCRE Regex (Metasploit)
exploitdb · 2015-03-17 · CVE-2015-0318
Module source as carried on this page. The extraction dropped the standard Metasploit class header and initializer lines, which are restored below; the page's copy of the module ends mid-way through the reference list, and nothing after that point is reproduced here.

```ruby
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote

  def initialize(info = {})
    super(update_info(info,
      'Name'           => "Adobe Flash Player PCRE Regex Vulnerability",
      'Description'    => %q{
        This module exploits a vulnerability found in Adobe Flash Player. A compilation logic error
        in the PCRE engine, specifically in the handling of the \c escape sequence when followed by
        a multi-byte UTF8 character, allows arbitrary execution of PCRE bytecode.
      },
      'License'        => MSF_LICENSE,
      'Author'         =>
        [
          'Mark Brand', # Found vuln
          'sinn3r'      # MSF
        ],
      'References'     =>
        [
          [ 'CVE', '2015-0318' ],
          [ 'URL', 'http://googleprojectzero.blogspot.com/2015/02/exploitingscve-2015-0318sinsflash.html' ],
          [ 'URL', 'https://
```
Metasploit
Adobe Flash Player PCRE Regex Vulnerability
metasploit
This module exploits a vulnerability found in Adobe Flash Player. A compilation logic error in the PCRE engine, specifically in the handling of the \c escape sequence when followed by a multi-byte UTF8 character, allows arbitrary execution of PCRE bytecode.
References
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html
- http://rhn.redhat.com/errata/RHSA-2015-0140.html
- http://secunia.com/advisories/62777
- http://secunia.com/advisories/62886
- http://secunia.com/advisories/62895
- http://security.gentoo.org/glsa/glsa-201502-02.xml
- http://www.securityfocus.com/bid/72514
- http://www.securitytracker.com/id/1031706
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100702
- https://helpx.adobe.com/security/products/flash-player/apsb15-04.html
- https://technet.microsoft.com/library/security/2755801