CVE-2015-0337 — Adobe Flash Player vulnerability

CWE-2646 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

0.7%

top 28.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Flash Player

Timeline

PublishedMar 13

Latest updateMay 17

Description

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDadobe/flash_player11.2.202.442+16

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-cpwg-j57v-cvjg: Adobe Flash Player before 13↗2022-05-17

▶

OSV

CVE-2015-0337: Adobe Flash Player before 13↗2015-03-13

▶

📋Vendor Advisories

Red Hat

flash-plugin: cross-domain policy bypass (APSB15-05)↗2015-03-12

▶

💬Community

HackerOne

Flash Cross Domain Policy Bypass by Using File Upload and Redirection - only in Chrome↗2015-05-06

▶

Bugzilla

CVE-2015-0337 flash-plugin: cross-domain policy bypass (APSB15-05)↗2015-03-13

▶