CVE-2015-5576

Adobe Flash Player <18.0.0.241-11.2.202.521 - Memory Corruption

Title source: llm
STIX 2.1

Description

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors.

References (13)

Core 13
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1814.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/76802
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1033629
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201509-07

Scores

EPSS 0.0548
EPSS Percentile 91.8%

Details

CWE
CWE-200
Status published
Products (28)
adobe/air < 18.0.0.199
adobe/air_sdk < 18.0.0.199
adobe/air_sdk_\&_compiler < 18.0.0.180
adobe/flash_player 14.0.0.125
adobe/flash_player 14.0.0.145
adobe/flash_player 14.0.0.176
adobe/flash_player 14.0.0.179
adobe/flash_player 15.0.0.152
adobe/flash_player 15.0.0.167
adobe/flash_player 15.0.0.189
... and 18 more
Published Sep 22, 2015
Tracked Since Feb 18, 2026