CVE-2015-8651 — HIGH (8.8) — White Hats Nepal

Q: How severe is CVE-2015-8651?

CVE-2015-8651 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2015-8651?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Air Sdk, Adobe Air Sdk \& Compiler, Apple Iphone Os, Apple Mac Os X, Google Android.

Vulnerability Description

Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Adobe	Air Sdk	< 20.0.0.233
Adobe	Air Sdk \& Compiler	< 20.0.0.233
Apple	Iphone Os	All versions
Apple	Mac Os X	All versions
Google	Android	All versions
Microsoft	Windows	All versions
Adobe	Flash Player	< 11.2.202.559
Linux	Linux Kernel	All versions
Adobe	Air	< 20.0.0.233
Redhat	Enterprise Linux Desktop	5.0
Redhat	Enterprise Linux Server	5.0
Redhat	Enterprise Linux Workstation	5.0
Opensuse	Evergreen	11.4
Opensuse	Opensuse	13.1
Suse	Linux Enterprise Desktop	11
Suse	Linux Enterprise Workstation Extension	12
Hp	Insight Control	< 7.6
Hp	Insight Control Server Provisioning	< 7.6
Hp	Matrix Operating Environment	7.6
Hp	System Management Homepage	< 7.6

Related Weaknesses (CWE)

CWE-190

References

http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00045.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00046.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00047.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00048.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-2697.htmlThird Party Advisory
http://www.securityfocus.com/bid/79705Broken LinkThird Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1034544Broken LinkThird Party AdvisoryVDB Entry
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-cThird Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-cThird Party Advisory
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-cThird Party Advisory
https://helpx.adobe.com/security/products/flash-player/apsb16-01.htmlNot ApplicablePatchVendor Advisory
https://security.gentoo.org/glsa/201601-03Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00045.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00046.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00047.htmlMailing ListThird Party Advisory

FAQ

What is CVE-2015-8651?

CVE-2015-8651 is a vulnerability with a CVSS score of 8.8 (HIGH). Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20....

How severe is CVE-2015-8651?

CVE-2015-8651 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-8651?

Check the references section above for vendor advisories and patch information. Affected products include: Adobe Air Sdk, Adobe Air Sdk \& Compiler, Apple Iphone Os, Apple Mac Os X, Google Android.