CVE-2015-5576
Adobe Flash Player <18.0.0.241-11.2.202.521 - Memory Corruption
Title source: llmDescription
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors.
References (13)
Core 13
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1814.html
Vendor Advisory x_refsource_confirm
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/76802
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1033629
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html
Various Sources x_refsource_confirm
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841
Vendor Advisory x_refsource_confirm
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
Patch, Vendor Advisory x_refsource_confirm
https://helpx.adobe.com/security/products/flash-player/apsb15-23.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201509-07
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html
Vendor Advisory x_refsource_confirm
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
Scores
EPSS
0.0548
EPSS Percentile
91.8%
Details
CWE
CWE-200
Status
published
Products (28)
adobe/air
< 18.0.0.199
adobe/air_sdk
< 18.0.0.199
adobe/air_sdk_\&_compiler
< 18.0.0.180
adobe/flash_player
14.0.0.125
adobe/flash_player
14.0.0.145
adobe/flash_player
14.0.0.176
adobe/flash_player
14.0.0.179
adobe/flash_player
15.0.0.152
adobe/flash_player
15.0.0.167
adobe/flash_player
15.0.0.189
... and 18 more
Published
Sep 22, 2015
Tracked Since
Feb 18, 2026