CVE-2015-8651

HIGH KEV RANSOMWARE

Adobe Air SDK < 20.0.0.233 - Integer Overflow

Title source: rule

Description

Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors.

Exploits (1)

nomisec

by Gitlabpro · poc

https://github.com/Gitlabpro/The-analysis-of-the-cve-2015-8651

View on nomisec

References (13)

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00045.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00046.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00047.html

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00048.html

[Third Party Advisory] http://rhn.redhat.com/errata/RHSA-2015-2697.html

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/79705

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1034544

[Third Party Advisory] https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388

[Third Party Advisory] https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680

[Third Party Advisory] https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

[Not Applicable, Patch, Vendor Advisory] https://helpx.adobe.com/security/products/flash-player/apsb16-01.html

[Third Party Advisory] https://security.gentoo.org/glsa/201601-03

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-8651

Scores

CVSS v3 8.8

EPSS 0.8906

EPSS Percentile 99.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-05-25

VulnCheck KEV 2015-12-28

InTheWild.io 2015-12-28

ENISA EUVD EUVD-2015-8528

Ransomware Use Confirmed

CWE

CWE-190

Status published

Products (22)

adobe/air < 20.0.0.233

adobe/air_sdk < 20.0.0.233

adobe/air_sdk_\&_compiler < 20.0.0.233

adobe/flash_player < 11.2.202.559

hp/insight_control < 7.6

hp/insight_control_server_provisioning < 7.6

hp/matrix_operating_environment 7.6

hp/system_management_homepage < 7.6

hp/systems_insight_manager < 7.6

hp/version_control_repository_manager < 7.6

... and 12 more

Published Dec 28, 2015

KEV Added May 25, 2022

Tracked Since Feb 18, 2026