CVE-2015-3113

CRITICAL KEV

Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow

Title source: metasploit

Description

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotemultiple

https://www.exploit-db.com/exploits/37536

View Code ZIP pw:eip

metasploit WORKING POC GREAT

by Unknown, juan vazquez · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/adobe_flash_nellymoser_bof.rb

View Code ZIP pw:eip

References (15)

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00020.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00025.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00002.html

[Mailing List] http://marc.info/?l=bugtraq&m=144050155601375&w=2

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2015-1184.html

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/75371

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1032696

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=1235036

[Issue Tracking] https://bugzilla.suse.com/show_bug.cgi?id=935701

[Broken Link] https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467

[Broken Link, Patch, Vendor Advisory] https://helpx.adobe.com/security/products/flash-player/apsb15-14.html

[Third Party Advisory] https://security.gentoo.org/glsa/201507-13

[Third Party Advisory] https://www.suse.com/security/cve/CVE-2015-3113.html

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-3113

[Issue Tracking] https://github.com/cisagov/vulnrichment/issues/196

Scores

CVSS v3 9.8

EPSS 0.9242

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-04-13

VulnCheck KEV 2015-06-23

InTheWild.io 2015-06-23

ENISA EUVD EUVD-2015-3194

CWE

CWE-122 CWE-787

Status published

Products (17)

adobe/flash_player < 13.0.0.296

hp/insight_orchestration < 7.5.0

hp/system_management_homepage < 7.5.0

hp/systems_insight_manager < 7.5

hp/version_control_agent < 7.5.0

hp/version_control_repository_manager 7.6

hp/version_control_repository_manager < 7.5.0

hp/virtual_connect_enterprise_manager < 7.5.0

opensuse/evergreen 11.4

opensuse/opensuse 13.1

... and 7 more

Published Jun 23, 2015

KEV Added Apr 13, 2022

Tracked Since Feb 18, 2026