CVE-2015-0310

HIGH KEV RANSOMWARE

Adobe Flash Player < 11.2.202.438 - Information Disclosure

Title source: rule

Description

Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015.

References (10)

[Patch, Vendor Advisory] http://helpx.adobe.com/security/products/flash-player/apsb15-02.html

[Broken Link] http://secunia.com/advisories/62452

[Broken Link] http://secunia.com/advisories/62601

[Broken Link] http://secunia.com/advisories/62660

[Broken Link] http://secunia.com/advisories/62740

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-201502-02.xml

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/72261

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1031609

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-0310

[Issue Tracking] https://github.com/cisagov/vulnrichment/issues/196

Scores

CVSS v3 7.8

EPSS 0.1011

EPSS Percentile 93.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-05-25

VulnCheck KEV 2015-01-16

InTheWild.io 2015-01-16

ENISA EUVD EUVD-2015-0323

Ransomware Use Confirmed

CWE

CWE-200

Status published

Products (1)

adobe/flash_player < 11.2.202.438

Published Jan 23, 2015

KEV Added May 25, 2022

Tracked Since Feb 18, 2026