CVE-2015-3043

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042.

CVSS v3.0 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html	Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-0813.html	Third Party Advisory
http://www.securityfocus.com/bid/74062	Broken Link Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1032105	Broken Link Third Party Advisory VDB Entry
https://helpx.adobe.com/security/products/flash-player/apsb15-06.html	Broken Link Patch Vendor Advisory
https://security.gentoo.org/glsa/201504-07	Third Party Advisory
https://www.exploit-db.com/exploits/37536/	Exploit Third Party Advisory VDB Entry
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html	Mailing List Third Party Advisory
https://www.exploit-db.com/exploits/37536/	Exploit Third Party Advisory VDB Entry
https://security.gentoo.org/glsa/201504-07	Third Party Advisory
https://helpx.adobe.com/security/products/flash-player/apsb15-06.html	Broken Link Patch Vendor Advisory
http://www.securitytracker.com/id/1032105	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/74062	Broken Link Third Party Advisory VDB Entry
http://rhn.redhat.com/errata/RHSA-2015-0813.html	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

OR	cpe:2.3:a:adobe:flash_player::::::::
	cpe:2.3:a:adobe:flash_player::::::::

OR	cpe:2.3:o:apple:mac_os_x:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:opensuse:evergreen:11.4:::::::*
	cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:::::::*
	cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:::::::*
	cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0:sp3::::::
	cpe:2.3:o:opensuse:opensuse:13.1:::::::*
	cpe:2.3:o:opensuse:opensuse:13.2:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:6.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:5.0:::::::*

History

22 Jan 2025, 17:08

Type	Values Removed	Values Added
References	~~(SUSE) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html - Mailing List, Third Party Advisory~~	() http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html - Mailing List, Third Party Advisory
References	~~(SUSE) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html - Mailing List, Third Party Advisory~~	() http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html - Mailing List, Third Party Advisory
References	~~(EXPLOIT-DB) https://www.exploit-db.com/exploits/37536/ - Exploit, Third Party Advisory, VDB Entry~~	() https://www.exploit-db.com/exploits/37536/ - Exploit, Third Party Advisory, VDB Entry
References	~~(CONFIRM) https://helpx.adobe.com/security/products/flash-player/apsb15-06.html - Broken Link, Patch, Vendor Advisory~~	() https://helpx.adobe.com/security/products/flash-player/apsb15-06.html - Broken Link, Patch, Vendor Advisory
References	~~(SUSE) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html - Mailing List, Third Party Advisory~~	() http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html - Mailing List, Third Party Advisory
References	~~(BID) http://www.securityfocus.com/bid/74062 - Broken Link, Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/74062 - Broken Link, Third Party Advisory, VDB Entry
References	~~(SUSE) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html - Mailing List, Third Party Advisory~~	() http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html - Mailing List, Third Party Advisory
References	~~(SECTRACK) http://www.securitytracker.com/id/1032105 - Broken Link, Third Party Advisory, VDB Entry~~	() http://www.securitytracker.com/id/1032105 - Broken Link, Third Party Advisory, VDB Entry
References	~~(REDHAT) http://rhn.redhat.com/errata/RHSA-2015-0813.html - Third Party Advisory~~	() http://rhn.redhat.com/errata/RHSA-2015-0813.html - Third Party Advisory
References	~~(GENTOO) https://security.gentoo.org/glsa/201504-07 - Third Party Advisory~~	() https://security.gentoo.org/glsa/201504-07 - Third Party Advisory

16 Jul 2024, 17:34

Type	Values Removed	Values Added
CVSS	v2 : ~~10.0~~ v3 : ~~unknown~~	v2 : 10.0 v3 : 9.8
References	~~(SECTRACK) http://www.securitytracker.com/id/1032105 -~~	(SECTRACK) http://www.securitytracker.com/id/1032105 - Broken Link, Third Party Advisory, VDB Entry
References	~~(EXPLOIT-DB) https://www.exploit-db.com/exploits/37536/ -~~	(EXPLOIT-DB) https://www.exploit-db.com/exploits/37536/ - Exploit, Third Party Advisory, VDB Entry
References	~~(CONFIRM) https://helpx.adobe.com/security/products/flash-player/apsb15-06.html - Patch, Vendor Advisory~~	(CONFIRM) https://helpx.adobe.com/security/products/flash-player/apsb15-06.html - Broken Link, Patch, Vendor Advisory
References	~~(BID) http://www.securityfocus.com/bid/74062 -~~	(BID) http://www.securityfocus.com/bid/74062 - Broken Link, Third Party Advisory, VDB Entry
References	~~(SUSE) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html - Third Party Advisory~~	(SUSE) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html - Mailing List, Third Party Advisory
References	~~(GENTOO) https://security.gentoo.org/glsa/201504-07 -~~	(GENTOO) https://security.gentoo.org/glsa/201504-07 - Third Party Advisory
References	~~(SUSE) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html -~~	(SUSE) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html - Mailing List, Third Party Advisory
References	~~(SUSE) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html - Third Party Advisory~~	(SUSE) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html - Mailing List, Third Party Advisory
References	~~(SUSE) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html - Third Party Advisory~~	(SUSE) http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html - Mailing List, Third Party Advisory
CPE	cpe:2.3:a:adobe:flash_player:14.0.0.125:::::::* cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:client:::::: cpe:2.3:a:adobe:flash_player:15.0.0.246:::::::* cpe:2.3:a:adobe:flash_player:17.0.0.134:::::::* cpe:2.3:a:adobe:flash_player:15.0.0.167:::::::* cpe:2.3:a:adobe:flash_player:15.0.0.152:::::::* cpe:2.3:a:adobe:flash_player:16.0.0.257:::::::* cpe:2.3:o:redhat:enterprise_linux_supplementary:5.0:server:::::: cpe:2.3:a:adobe:flash_player:16.0.0.296:::::::* cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:::::::* cpe:2.3:a:adobe:flash_player:14.0.0.179:::::::* cpe:2.3:a:adobe:flash_player:15.0.0.189:::::::* cpe:2.3:a:adobe:flash_player:16.0.0.235:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:::::::* cpe:2.3:a:adobe:flash_player:15.0.0.223:::::::* cpe:2.3:a:adobe:flash_player:15.0.0.239:::::::* cpe:2.3:a:adobe:flash_player:16.0.0.287:::::::* cpe:2.3:a:adobe:flash_player:14.0.0.176:::::::* cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:::::::* cpe:2.3:a:adobe:flash_player:14.0.0.145:::::::*	cpe:2.3:o:redhat:enterprise_linux_eus:6.6:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:::::::* cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:6.0:::::::* cpe:2.3:o:opensuse:evergreen:11.4:::::::* cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::* cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:5.0:::::::* cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::* cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
First Time		Redhat enterprise Linux Desktop Redhat enterprise Linux Server Aus Redhat enterprise Linux Workstation Redhat enterprise Linux Server From Rhui Redhat enterprise Linux Eus Opensuse evergreen Redhat enterprise Linux Server
CWE	~~NVD-CWE-noinfo~~	CWE-787

Information

Published : 2015-04-14 22:59

Updated : 2025-02-14 15:59

NVD link : CVE-2015-3043

Mitre link : CVE-2015-3043

JSON object : View

Products Affected

redhat

enterprise_linux_server_from_rhui
enterprise_linux_server
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_eus
enterprise_linux_server_aus

novell

suse_linux_enterprise_workstation_extension
suse_linux_enterprise_desktop

apple

mac_os_x

adobe

flash_player

opensuse

opensuse
evergreen

linux

linux_kernel

microsoft

windows

CWE

CWE-787

Out-of-bounds Write

9.8 /10