CVE-2015-3133

EXPLOITED RANSOMWARE

Adobe Flash Player <13.0.0.302,14.x<18.0.0.203 - Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2015-3133 has been observed exploited in the wild (reported by VulnCheck KEV), including in ransomware campaigns.

Description

Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3134, and CVE-2015-4431.

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032810
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/75591
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1214.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201507-13

Scores

EPSS 0.0531
EPSS Percentile 91.6%

Details

VulnCheck KEV 2015-06-29
Ransomware Use Confirmed
CWE
CWE-119
Status published
Products (24)
adobe/air < 18.0.0.144
adobe/air_sdk < 18.0.0.144
adobe/air_sdk_\&_compiler < 18.0.0.144
adobe/flash_player 14.0.0.125
adobe/flash_player 14.0.0.145
adobe/flash_player 14.0.0.176
adobe/flash_player 14.0.0.179
adobe/flash_player 15.0.0.152
adobe/flash_player 15.0.0.167
adobe/flash_player 15.0.0.189
... and 14 more
Published Jul 09, 2015
Tracked Since Feb 18, 2026