CVE-2015-0307

Adobe Air < 15.0.0.356 - Memory Corruption

Title source: rule
STIX 2.1

Description

Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allow remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via unspecified vectors.

References (10)

Core 10
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62371
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201502-02.xml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62740
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62177
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62252
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031525
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/72037
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62187
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/99988

Scores

EPSS 0.0527
EPSS Percentile 91.6%

Details

CWE
CWE-119
Status published
Products (18)
adobe/adobe_air < 15.0.0.356 (2 CPE variants)
adobe/adobe_air_sdk < 15.0.0.356
adobe/adobe_air_sdk_and_compiler < 15.0.0.356
adobe/flash_player 14.0.0.125
adobe/flash_player 14.0.0.145
adobe/flash_player 14.0.0.176
adobe/flash_player 14.0.0.179
adobe/flash_player 15.0.0.144
adobe/flash_player 15.0.0.152
adobe/flash_player 15.0.0.167
... and 8 more
Published Jan 13, 2015
Tracked Since Feb 18, 2026