CVE-2015-3088

Adobe Flash Player <13.0.0.289-17.0.0.188 - Buffer Overflow

Title source: llm

Description

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to execute arbitrary code via unspecified vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textdoswindows

https://www.exploit-db.com/exploits/37844

View Code ZIP pw:eip

References (9)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2015-1005.html

[Patch, Vendor Advisory] https://helpx.adobe.com/security/products/flash-player/apsb15-09.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/74609

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/37844/

[Third Party Advisory] https://security.gentoo.org/glsa/201505-02

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1032285

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html

Scores

EPSS 0.7945

EPSS Percentile 99.1%

Details

CWE

CWE-119

Status published

Products (20)

adobe/air < 17.0.0.144

adobe/air_sdk < 17.0.0.144

adobe/air_sdk_\&_compiler < 17.0.0.144

adobe/flash_player 14.0.0.125

adobe/flash_player 14.0.0.145

adobe/flash_player 14.0.0.176

adobe/flash_player 14.0.0.179

adobe/flash_player 15.0.0.152

adobe/flash_player 15.0.0.167

adobe/flash_player 15.0.0.189

... and 10 more

Published May 13, 2015

Tracked Since Feb 18, 2026