CVE-2015-3113
Published 2015-06-23
CVE-2015-3113: Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux…
Priority P196 · critical · CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability, due 2022-05-04
Exploited in the wild
EPSS: 99.94% (100.0th percentile)
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | flash_player | < 13.0.0.296 | 13.0.0.296 |
| adobe | flash_player | < 11.2.202.468 | 11.2.202.468 |
| adobe | flash_player | >= 14.0.0.125 < 18.0.0.194 | 18.0.0.194 |
| hp | insight_orchestration | < 7.5.0 | 7.5.0 |
| hp | system_management_homepage | < 7.5.0 | 7.5.0 |
| hp | systems_insight_manager | < 7.5 | 7.5 |
| hp | version_control_agent | < 7.5.0 | 7.5.0 |
| hp | version_control_repository_manager | < 7.5.0 | 7.5.0 |
| hp | version_control_repository_manager | — | — |
| hp | virtual_connect_enterprise_manager | < 7.5.0 | 7.5.0 |
| opensuse | evergreen | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_eus | — | — |
| redhat | enterprise_linux_server | — | — |
| redhat | enterprise_linux_workstation | — | — |
| suse | linux_enterprise_desktop | — | — |
| suse | linux_enterprise_workstation_extension | — | — |
Detection & IOCs (extracted from sources)
Bytes: XOR key 0x12, subtraction key 0x11, XOR key 0x85 (payload decryption algorithm)
- Pirpi payload (Pirpi.2015) is a PE DLL delivered via steganography embedded in an animated GIF (v.gif); shellcode decrypts and executes the payload hidden within the GIF using XOR/subtraction keys 0x12, 0x11, 0x85.
- Pirpi C2 communication uses HTTP GET requests; exfiltrated data is transmitted in the HTTP Cookie header field in encrypted form — hunt for anomalous Cookie values in outbound GET traffic.
- Pirpi checks for configuration file vcl.tmp in %APPDATA% or %TEMP% on startup; presence of this file is a host-based indicator of compromise.
- Shellcode uses ROR-7 hashing on kernel32.dll export names to locate API functions; constant 0xC917432 identifies LoadLibraryA — use this constant as a memory/shellcode scan signature.
- CVE-2015-3113 exploit was integrated into Magnitude exploit kit (as of June 27, 2015) and Angler exploit kit (June 29, 2015); network detections should cover these EK traffic patterns.
- The exploit targets the video decoding component of Flash and uses ROP techniques; known targeted browsers/OS combinations are Internet Explorer on Windows 7 and below, and Firefox on Windows XP.
- Pirpi uses hardcoded C2 domains encoded inside the binary as fallback if vcl.tmp configuration file is absent; specific hardcoded domains for the CVE-2015-3113 campaign are not disclosed in the sources.
- UPS/APT3 is known to serve malicious payloads only within very limited windows of time and only to victims matching their desired profile, making dynamic payload retrieval for analysis difficult.
- The C2 URL structure differs between Pirpi.2014 and Pirpi.2015 variants; both use HTTP GET with Cookie-based exfiltration but the URL path format is not identical across variants.
CVSS provenance
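| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | | 9.8 | CRITICAL | |
| vulncheck | | 9.8 | CRITICAL | |
| cisa | | 9.8 | CRITICAL | |
| vendor_redhat | | 9.8 | CRITICAL | |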
VulDB
Adobe Flash Player up to 13.0.0.296/18.0.0.194 memory corruption (RHSA-2015:1184 / EDB-41681)
vuldb·2026-04-22·CVSS 9.8
CVE-2015-3113 [CRITICAL] Adobe Flash Player up to 13.0.0.296/18.0.0.194 memory corruption (RHSA-2015:1184 / EDB-41681)
A vulnerability has been found in Adobe Flash Player up to 13.0.0.296/18.0.0.194 and classified as critical. Impacted is an unknown function. The manipulation leads to memory corruption.
This vulnerability is uniquely identified as CVE-2015-3113. The attack can be carried out remotely. Moreover, an exploit is present.
A worm is spreading, which is automatically exploiting this vulnerability.
The affected component should be upgraded.
GHSA
GHSA-fcrm-7q5r-w4rw: Heap-based buffer overflow in Adobe Flash Player before 13
ghsa_unreviewed·2022-05-17
CVE-2015-3113 [HIGH] CWE-119 GHSA-fcrm-7q5r-w4rw: Heap-based buffer overflow in Adobe Flash Player before 13
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.
OSV
CVE-2015-3113: Heap-based buffer overflow in Adobe Flash Player before 13
osv·2015-06-23·CVSS 9.8
CVE-2015-3113 [CRITICAL] CVE-2015-3113: Heap-based buffer overflow in Adobe Flash Player before 13
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.
VulnCheck
Adobe Flash Player Heap-Based Buffer Overflow Vulnerability
vulncheck·2015·CVSS 9.8
CVE-2015-3113 [CRITICAL] CWE-119 Adobe Flash Player Heap-Based Buffer Overflow Vulnerability
Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code.
Affected: Adobe Flash Player
Required Action: The impacted product is end-of-life and should be disconnected if still in use.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cve.org/CVERecord?id=CVE-2015-3113; https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html; https://dl.acm.org/doi/pdf/10.1145/3465481.3465758; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-05-04
CISA
Adobe Flash Player Heap-Based Buffer Overflow Vulnerability
cisa·2022-04-13·CVSS 9.8
CVE-2015-3113 [CRITICAL] CWE-119 Adobe Flash Player Heap-Based Buffer Overflow Vulnerability
Vulnerability: Adobe Flash Player Heap-Based Buffer Overflow Vulnerability
Affected: Adobe Flash Player
Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code.
Required Action: The impacted product is end-of-life and should be disconnected if still in use.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2015-3113
Remediation Due Date: 2022-05-04
Red Hat
flash-plugin: code execution issue fixed in APSB15-14
vendor_redhat·2015-06-23·CVSS 9.8
CVE-2015-3113 [CRITICAL] flash-plugin: code execution issue fixed in APSB15-14
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.
No detection rules found.
Exploit-DB
Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit)
exploitdb·2015-07-08·CVSS 9.8
CVE-2015-3113 [CRITICAL] Adobe Flash Player - Nellymoser Audio Decoding Buffer Overflow (Metasploit)
---
```ruby
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class MetasploitModule 'Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow',
'Description' => %q{
This module exploits a buffer overflow on Adobe Flash Player when handling nellymoser
encoded audio inside a FLV video, as exploited in the wild on June 2015. This module
has been tested successfully on:
Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.160,
Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.160,
Windows 8.1, Firefox 38.0.5 and Adobe Flash 18.0.0.160,
Linux Mint "Rebecca" (32 bits), Firefox 33.0 and Adobe Flash 11.2.20
```
Metasploit
Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow
metasploit·CVSS 9.8
[CRITICAL] Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow
This module exploits a buffer overflow on Adobe Flash Player when handling nellymoser encoded audio inside a FLV video, as exploited in the wild on June 2015. This module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.160, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.160, Windows 8.1, Firefox 38.0.5 and Adobe Flash 18.0.0.160, Linux Mint "Rebecca" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.466, and Ubuntu 14.04.2 LTS, Firefox 35.01, and Adobe Flash 11.2.202.466. Note that this exploit is effective against both CVE-2015-3113 and the earlier CVE-2015-3043, since CVE-2015-3113 is effectively a regression to the same root cause as CVE-2015-3043.
Zscaler
Bad Actors On GMHOST Alexander Mulgin Serginovic | Zscaler
blogs_zscaler·2016-01-12·CVSS 9.8
[CRITICAL] Bad Actors On GMHOST Alexander Mulgin Serginovic | Zscaler
Unit42
UPS: Observations on CVE-2015-3113, Prior Zero-Days and the Pirpi Payload
blogs_unit42·2015-07-27·CVSS 9.8
CVE-2015-3113 [CRITICAL] UPS: Observations on CVE-2015-3113, Prior Zero-Days and the Pirpi Payload
A June 23 FireEye blog post titled “Operation Clandestine Wolf” discussed a cyber espionage group, known as APT3, that had been exploiting a zero-day vulnerability in Adobe Flash. Unit 42 also tracks the APT3 group using the name UPS, which is an intrusion set with Chinese origins that is known for having early access to zero-day vulnerabilities and delivering a backdoor called Pirpi.
The UPS group has exploited several zero-day vulnerabilities, most recently using the zero-days released in the Hacking Team breach that we discussed in our July 10 blog post, “APT Group UPS Targets US Government with Hacking Team Flash Exploit”. However, the most recent original zero-day released by this group is tracked by CVE-2015-3113, which has similarities to the once zero-day vulnerabilities CVE-2014-
## UPS: Observations on CVE-2015-3113, Prior Zero-Days and the Pirpi Payload
Robert Falcone, Richard Wartell
Published: July 27, 2015
Tags: Threat Research, Vulnerabilities, ActionScript, Adobe Flash, APT3, Internet Explorer, Operation Clandestine Wolf, Pirpi, Shellcode, Steganography, UPS, Zero-days
Unit42
APT Group UPS Targets US Government with Hacking Team Flash Exploit
blogs_unit42·2015-07-10·CVSS 9.8
[CRITICAL] APT Group UPS Targets US Government with Hacking Team Flash Exploit
On July 8, 2015, Unit 42 used the AutoFocus Threat Intelligence service to locate and investigate activity consistent with a spear-phishing attack targeting the US Government. The attack exploited an Adobe Flash vulnerability that stems from the zero-day vulnerabilities exposed from this month’s Hacking Team data breach.
The spear-phishing attack used a link to a Flash exploit hosted on two subdomains of a legitimate website, perrydale[.]com; rpt.perrydale[.]com and report.perrydale[.]com. Both domains resolve to the same Ukraine-based IP 194.44.130.179.
There are no indications at this time that the actual website has been compromised, rather, this is more likely a case of DNS hijacking. The Flash exploits, specifically located at rpt.perrydale[.]com/en/show.swf and report.perrydale[.]c
## APT Group UPS Targets US Government with Hacking Team Flash Exploit
Bryan Lee, Robert Falcone
Published: July 10, 2015
Tags: Malware, Threat Research, ActionScript, Adobe Flash, Hacking Team
Qualys
Update - New 0-day for Adobe Flash | Qualys
blogs_qualys·2015-06-23·CVSS 9.8
[CRITICAL] Update - New 0-day for Adobe Flash | Qualys
Update: A bit less than a week that Adobe released a fix for a 0-day in Flash and now the attack has migrated into at least two commonly available exploit kits – Magnitude (as of June 27) and Angler (June 29). The security researcher @kafeine documented in his blog both findings. I hope you are patched already because the exploit is now mainstream.
Original: Adobe came out today with an out-of-band patch (APSB15-14) for their Flash Player, the fifth time that Flash has required an out-of-band fix for a 0-day. FireEye had notified them of a critical vulnerability (CVE-2015-3113) that they discovered in use in Asia. They believe it was developed by the group called APT3 and used in targeted attacks against a number of industries. The vulnerability lies in the video decoding part of Flash and
Krebs
Emergency Patch for Adobe Flash Zero-Day
blogs_krebs·2015-06-23·CVSS 9.8
CVE-2015-3113 [CRITICAL] Emergency Patch for Adobe Flash Zero-Day
Adobe Systems Inc. today released an emergency update to fix a dangerous security hole in its widely-installed Flash Player browser plugin. The company warned that the vulnerability is already being exploited in targeted attacks, and urged users to update the program as quickly as possible.
In an advisory issued Tuesday morning, Adobe said the latest version of Flash — v. 18.0.0.194 on Windows and Mac OS X — fixes a critical flaw (CVE-2015-3113) that is being actively exploited in “limited, targeted attacks.” The company said systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are known targets of these exploits.
If you’re unsure whether your browser has Flash installed or what version it may be running, browse to this link. Adobe Flash Player ins
Threat Intel
APT3 (APT3, Gothic Panda, Pirpi)
threat_intel·CVSS 9.8
[CRITICAL] APT3 (APT3, Gothic Panda, Pirpi)
# Threat Actor Profile: APT3
ATT&CK ID: G0022
Also known as: APT3, Gothic Panda, Pirpi, UPS Team, Buckeye, Threat Group-0110, TG-0110
Suspected origin: China
## Overview
APT3 is a China-based threat group that researchers have attributed to China's Ministry of State Security.(Citation: FireEye Clandestine Wolf)(Citation: Recorded Future APT3 May 2017) This group is responsible for the campaigns known as Operation Clandestine Fox, Operation Clandestine Wolf, and Operation Double Tap.(Citation: FireEye Clandestine Wolf)(Citation: FireEye Operation Double Tap) As of June 2015, the group appears to have shifted from targeting primarily US victims to primarily political organizations in Hong Kong.(Citation: Symantec Buckeye)
## Techniques (TTPs)
### Initial Access
- T1566.002 Spearphishing L
arXiv
Investigation of Advanced Persistent Threats Network-based Tactics, Techniques and Procedures
arxiv_fulltext·2025-02-12
Almuthanna Alageel and Sergio Maffeis
Department of Computing, Imperial College London, London, United Kingdom
## Abstract
The scarcity of data and the high complexity of Advanced Persistent Threats (APTs) attacks have created challenges in comprehending their behavior and hindered the exploration of effective detection techniques.
To create an effective APT detection strategy, it is important to examine the Tactics, Techniques, and Procedures (TTPs) that have been reported by the industry. These TTPs can be difficult to classify as either malicious or legitimate. When developing an approach for the next generation of network intrusion detection systems (NIDS), it is necessary to
Bugzilla
(CVE-2015-3113) Blocklist vulnerable versions of Flash Player plugin (18.0.0.194 and lower)
bugzilla·2015-06-24·CVSS 9.8
CVE-2015-3113 [CRITICAL] (CVE-2015-3113) Blocklist vulnerable versions of Flash Player plugin (18.0.0.194 and lower)
New versions of the Flash Player plugin have been released in response to a 0-day disclosure: https://helpx.adobe.com/security/products/flash-player/apsb15-14.html
From the bulletin:
> Adobe recommends users update their product installations to the latest versions:
> * Users of the Adobe Flash Player Desktop Runtime for Windows and Macintosh should update
> to Adobe Flash Player 18.0.0.194.
> * Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash
> Player 13.0.0.296.
> * Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.468.
We need to block versions lower than those listed above.
Discussion:
The blocks have been staged:
Flash
Bugzilla
CVE-2015-3113 flash-plugin: code execution issue fixed in APSB15-14
bugzilla·2015-06-23·CVSS 9.8
CVE-2015-3113 [CRITICAL] CVE-2015-3113 flash-plugin: code execution issue fixed in APSB15-14
Adobe Security Bulletin APSB15-14 for Adobe Flash Player describes a flaw that can possibly lead to code execution when Flash Player is used to play a specially crafted SWF file.
Quoting from the APSB15-14:
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address a critical vulnerability (CVE-2015-3113) that could potentially allow an attacker to take control of the affected system.
Adobe is aware of reports that CVE-2015-3113 is being actively exploited in the wild via limited, targeted attacks. Systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are known targets.
External References:
https://helpx.adobe.com/security
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00020.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00025.html
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00002.html
- http://marc.info/?l=bugtraq&m=144050155601375&w=2
- http://rhn.redhat.com/errata/RHSA-2015-1184.html
- http://www.securityfocus.com/bid/75371
- http://www.securitytracker.com/id/1032696
- https://bugzilla.redhat.com/show_bug.cgi?id=1235036
- https://bugzilla.suse.com/show_bug.cgi?id=935701
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467
- https://helpx.adobe.com/security/products/flash-player/apsb15-14.html
- https://security.gentoo.org/glsa/201507-13
- https://www.suse.com/security/cve/CVE-2015-3113.html
- https://github.com/cisagov/vulnrichment/issues/196
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-3113
Published: 2015-06-23
Added to CISA KEV: 2022-04-13
Exploited in the wild