CVE-2015-7632 — HIGH (9.3) — White Hats Nepal

Q: How severe is CVE-2015-7632?

CVE-2015-7632 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-7632?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player, Linux Linux Kernel, Adobe Air, Google Android, Apple Mac Os X.

Vulnerability Description

Buffer overflow in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via a Loader object with a crafted loaderBytes property.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Adobe	Flash Player	<= 11.2.202.521
Linux	Linux Kernel	-
Adobe	Air	<= 19.0.0.190
Google	Android	All versions
Apple	Mac Os X	-
Microsoft	Windows	-
Adobe	Air Sdk	<= 19.0.0.190
Adobe	Air Sdk \& Compiler	<= 19.0.0.190

Related Weaknesses (CWE)

CWE-119

References

FAQ

What is CVE-2015-7632?

CVE-2015-7632 is a vulnerability with a CVSS score of 9.3 (HIGH). Buffer overflow in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, a...

How severe is CVE-2015-7632?

CVE-2015-7632 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-7632?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Flash Player, Linux Linux Kernel, Adobe Air, Google Android, Apple Mac Os X.