CVE-2015-0310 — HIGH (7.8) — White Hats Nepal

Q: How severe is CVE-2015-0310?

CVE-2015-0310 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-0310?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player, Linux Linux Kernel, Apple Mac Os X, Microsoft Windows.

Vulnerability Description

Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Adobe	Flash Player	< 11.2.202.438
Linux	Linux Kernel	-
Apple	Mac Os X	-
Microsoft	Windows	-

Related Weaknesses (CWE)

CWE-200

References

http://helpx.adobe.com/security/products/flash-player/apsb15-02.htmlPatchVendor Advisory
http://secunia.com/advisories/62452Broken Link
http://secunia.com/advisories/62601Broken Link
http://secunia.com/advisories/62660Broken Link
http://secunia.com/advisories/62740Broken Link
http://security.gentoo.org/glsa/glsa-201502-02.xmlThird Party Advisory
http://www.securityfocus.com/bid/72261Broken LinkThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1031609Broken LinkThird Party AdvisoryVDB Entry
http://helpx.adobe.com/security/products/flash-player/apsb15-02.htmlPatchVendor Advisory
http://secunia.com/advisories/62452Broken Link
http://secunia.com/advisories/62601Broken Link
http://secunia.com/advisories/62660Broken Link
http://secunia.com/advisories/62740Broken Link
http://security.gentoo.org/glsa/glsa-201502-02.xmlThird Party Advisory
http://www.securityfocus.com/bid/72261Broken LinkThird Party AdvisoryVDB Entry

FAQ

What is CVE-2015-0310?

CVE-2015-0310 is a vulnerability with a CVSS score of 7.8 (HIGH). Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows...

How severe is CVE-2015-0310?

CVE-2015-0310 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-0310?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player, Linux Linux Kernel, Apple Mac Os X, Microsoft Windows.