CVE-2015-0309

Adobe Flash Player < 13.0.0.260 and 14.x-16.x < 16.0.0.257 - Remote Code Execution

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0304.

References (10)

Core 10
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62371
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201502-02.xml
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/99986
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62740
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62177
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62252
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031525
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/62187
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/72038

Scores

EPSS 0.0874
EPSS Percentile 94.5%

Details

CWE
CWE-119
Status published
Products (19)
adobe/adobe_air < 15.0.0.356 (2 CPE variants)
adobe/adobe_air_sdk < 15.0.0.356
adobe/adobe_air_sdk_and_compiler < 15.0.0.356
adobe/flash_player 14.0.0.125
adobe/flash_player 14.0.0.145
adobe/flash_player 14.0.0.176
adobe/flash_player 14.0.0.179
adobe/flash_player 15.0.0.144
adobe/flash_player 15.0.0.152
adobe/flash_player 15.0.0.167
... and 9 more
Published Jan 13, 2015
Tracked Since Feb 18, 2026