CVE-2015-0312 — HIGH (9.3) — White Hats Nepal

Q: How severe is CVE-2015-0312?

CVE-2015-0312 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-0312?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player, Linux Linux Kernel, Microsoft Internet Explorer, Microsoft Windows 8, Microsoft Windows 8.1.

Vulnerability Description

Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary code via unspecified vectors.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Adobe	Flash Player	<= 11.2.202.438
Linux	Linux Kernel	-
Microsoft	Internet Explorer	10
Microsoft	Windows 8	-
Microsoft	Windows 8.1	-
Apple	Macos	-
Microsoft	Windows	-
Adobe	Flash Player Desktop Runtime	<= 16.0.0.287

Related Weaknesses (CWE)

CWE-415

References

http://helpx.adobe.com/security/products/flash-player/apsb15-03.htmlPatchVendor Advisory
http://secunia.com/advisories/62432Third Party Advisory
http://secunia.com/advisories/62543Third Party Advisory
http://secunia.com/advisories/62660Third Party Advisory
http://www.securityfocus.com/bid/72343Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1031634Third Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/100394Third Party AdvisoryVDB Entry
https://technet.microsoft.com/library/security/2755801Third Party Advisory
http://helpx.adobe.com/security/products/flash-player/apsb15-03.htmlPatchVendor Advisory
http://secunia.com/advisories/62432Third Party Advisory
http://secunia.com/advisories/62543Third Party Advisory
http://secunia.com/advisories/62660Third Party Advisory
http://www.securityfocus.com/bid/72343Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1031634Third Party AdvisoryVDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/100394Third Party AdvisoryVDB Entry

FAQ

What is CVE-2015-0312?

CVE-2015-0312 is a vulnerability with a CVSS score of 9.3 (HIGH). Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary cod...

How severe is CVE-2015-0312?

CVE-2015-0312 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-0312?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player, Linux Linux Kernel, Microsoft Internet Explorer, Microsoft Windows 8, Microsoft Windows 8.1.