CVE-2015-3113 — CRITICAL (9.8)

Q: How severe is CVE-2015-3113?

CVE-2015-3113 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2015-3113?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player, Apple Mac Os X, Microsoft Windows, Linux Linux Kernel, Opensuse Evergreen.

Vulnerability Description

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Adobe	Flash Player	< 13.0.0.296
Apple	Mac Os X	-
Microsoft	Windows	-
Linux	Linux Kernel	-
Opensuse	Evergreen	11.4
Opensuse	Opensuse	13.1
Suse	Linux Enterprise Desktop	12
Suse	Linux Enterprise Workstation Extension	12
Hp	Insight Orchestration	< 7.5.0
Hp	System Management Homepage	< 7.5.0
Hp	Systems Insight Manager	< 7.5
Hp	Version Control Agent	< 7.5.0
Hp	Version Control Repository Manager	< 7.5.0
Hp	Virtual Connect Enterprise Manager	< 7.5.0
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Eus	6.6
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Workstation	6.0

Related Weaknesses (CWE)

CWE-122 CWE-787

References

http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00020.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00025.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00002.htmlMailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=144050155601375&w=2Mailing List
http://rhn.redhat.com/errata/RHSA-2015-1184.htmlThird Party Advisory
http://www.securityfocus.com/bid/75371Broken LinkThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1032696Broken LinkThird Party AdvisoryVDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1235036Issue Tracking
https://bugzilla.suse.com/show_bug.cgi?id=935701Issue Tracking
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-cBroken Link
https://helpx.adobe.com/security/products/flash-player/apsb15-14.htmlBroken LinkPatchVendor Advisory
https://security.gentoo.org/glsa/201507-13Third Party Advisory
https://www.suse.com/security/cve/CVE-2015-3113.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00020.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00025.htmlMailing ListThird Party Advisory

FAQ

What is CVE-2015-3113?

CVE-2015-3113 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbit...

How severe is CVE-2015-3113?

CVE-2015-3113 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2015-3113?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player, Apple Mac Os X, Microsoft Windows, Linux Linux Kernel, Opensuse Evergreen.