CVE-2015-5116: Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180…

medium5CVSS 3.1

AVNACLAuNCPINAN

EXPLOIT

Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, and CVE-2015-3125.

Affected

25 ranges

Vendor	Product	Version range	Fixed in
adobe	air	<= 18.0.0.144	—
adobe	air_sdk	<= 18.0.0.144	—
adobe	air_sdk_compiler	<= 18.0.0.144	—
adobe	flash_player	<= 11.2.202.468	—
adobe	flash_player	<= 13.0.0.289	—
adobe	flash_player	—	—
adobe	flash_player	—	—
adobe	flash_player	—	—
adobe	flash_player	—	—
adobe	flash_player	—	—
adobe	flash_player	—	—
adobe	flash_player	—	—
adobe	flash_player	—	—
adobe	flash_player	—	—
adobe	flash_player	—	—
adobe	flash_player	—	—
adobe	flash_player	—	—
adobe	flash_player	—	—
adobe	flash_player	—	—
adobe	flash_player	—	—
adobe	flash_player	—	—
adobe	flash_player	—	—
adobe	flash_player	—	—
adobe	flash_player	—	—
adobe	flash_player	—	—

CVSS provenance

nvd5.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N

osv5.0MEDIUM