1. Home
  2. CVE Database
  3. CVE-2015-3097
MEDIUM · 5.0

CVE-2015-3097

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160, Adobe AIR before 18.0.0.144, Adobe AIR SDK before 18.0.0.144, and Adobe AIR SDK & Compiler before 18.0.0.144 on 64-bit Win...

Vulnerability Description

Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160, Adobe AIR before 18.0.0.144, Adobe AIR SDK before 18.0.0.144, and Adobe AIR SDK & Compiler before 18.0.0.144 on 64-bit Windows 7 systems do not properly select a random memory address for the Flash heap, which makes it easier for attackers to conduct unspecified attacks by predicting this address.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N
Confidentiality
PARTIAL
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
AdobeAir<= 17.0.0.172
AdobeAir Sdk<= 17.0.0.172
AdobeAir Sdk \& Compiler<= 17.0.0.172
AdobeFlash Player<= 13.0.0.289
MicrosoftWindows 7All versions

Related Weaknesses (CWE)

CWE-200

References

FAQ

What is CVE-2015-3097?

CVE-2015-3097 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160, Adobe AIR before 18.0.0.144, Adobe AIR SDK before 18.0.0.144, and Adobe AIR SDK & Compiler before 18.0.0.144 on 64-bit Win...

How severe is CVE-2015-3097?

CVE-2015-3097 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-3097?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Air, Adobe Air Sdk, Adobe Air Sdk \& Compiler, Adobe Flash Player, Microsoft Windows 7.