CVE-2015-3097 — Sensitive Information Exposure in Adobe AIR

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

9.2%

top 7.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe AIR Adobe AIR SDK Adobe AIR SDK Compiler +1 more

Timeline

PublishedJun 10

Latest updateMay 17

Description

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160, Adobe AIR before 18.0.0.144, Adobe AIR SDK before 18.0.0.144, and Adobe AIR SDK & Compiler before 18.0.0.144 on 64-bit Windows 7 systems do not properly select a random memory address for the Flash heap, which makes it easier for attackers to conduct unspecified attacks by predicting this address.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶NVDadobe/flash_player13.0.0.289+17

▶NVDadobe/air_sdk_compiler17.0.0.172

▶NVDadobe/air17.0.0.172

▶NVDadobe/air_sdk17.0.0.172

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

GHSA

GHSA-5g7h-j329-988v: Adobe Flash Player before 13↗2022-05-17

▶

OSV

CVE-2015-3097: Adobe Flash Player before 13↗2015-06-10

▶

CVEList

CVE-2015-3097: Adobe Flash Player before 13↗2015-06-10

▶