CVE-2015-5570 : Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682.

Published 2015-09-22 10:59:03

Updated 2017-02-17 02:59:03

Source Adobe Systems Incorporated

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute code

Exploit prediction scoring system (EPSS) score for CVE-2015-5570

Probability of exploitation activity in the next 30 days: 1.38%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 85 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2015-5570

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

References for CVE-2015-5570

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680

HPSBMU03692 rev.1 - HPE Matrix Operating Environment, Multiple Remote Vulnerabilities

CVEs referencing this url
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

HPSBMU03691 rev.1 - HPE Insight Control, Multiple Remote Vulnerabilities

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html

[security-announce] SUSE-SU-2015:1618-1: important: Security update for

CVEs referencing this url
https://security.gentoo.org/glsa/201509-07

Adobe Flash Player: Multiple vulnerabilities (GLSA 201509-07) — Gentoo security

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html

[security-announce] SUSE-SU-2015:1614-1: important: Security update for

CVEs referencing this url
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388

HPSBMU03668 rev.1 - HPE Systems Insight Manager using OpenSSL, Multiple Remote Vulnerabilities

CVEs referencing this url
http://www.securitytracker.com/id/1033629

Adobe Flash Player Bugs Let Remote Users Obtain Potentially Sensitive Information and Execute Arbitrary Code - SecurityTracker

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-1814.html

RHSA-2015:1814 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841

HPSBHF03535 rev.3 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Multiple Remote Vulnerabilities

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html

[security-announce] openSUSE-SU-2015:1616-1: critical: Security update f

CVEs referencing this url
https://helpx.adobe.com/security/products/flash-player/apsb15-23.html

Adobe Security Bulletin
Patch;Vendor Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html

[security-announce] openSUSE-SU-2015:1781-1: critical: Security update f

CVEs referencing this url
http://www.zerodayinitiative.com/advisories/ZDI-15-447

ZDI-15-447 | Zero Day Initiative
http://www.securityfocus.com/bid/76795

Adobe Flash Player and AIR APSB15-23 Multiple Use After Free Remote Code Execution Vulnerabilities

CVEs referencing this url

Products affected by CVE-2015-5570

Adobe » Flash Player
Versions up to, including, (<=) 13.0.0.289
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player
Versions up to, including, (<=) 11.2.202.508
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Adobe » Flash Player » Version: 14.0.0.125
cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 14.0.0.145
cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 14.0.0.179
cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 14.0.0.176
cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 15.0.0.246
cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 15.0.0.152
cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 16.0.0.257
cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 16.0.0.287
cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 15.0.0.167
cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 15.0.0.189
cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 16.0.0.296
cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 17.0.0.134
cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 17.0.0.169
cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 16.0.0.235
cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 18.0.0.160
cpe:2.3:a:adobe:flash_player:18.0.0.160:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 18.0.0.194
cpe:2.3:a:adobe:flash_player:18.0.0.194:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 15.0.0.223
cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 15.0.0.239
cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 17.0.0.188
cpe:2.3:a:adobe:flash_player:17.0.0.188:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 17.0.0.190
cpe:2.3:a:adobe:flash_player:17.0.0.190:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 17.0.0.191
cpe:2.3:a:adobe:flash_player:17.0.0.191:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 18.0.0.203
cpe:2.3:a:adobe:flash_player:18.0.0.203:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 18.0.0.209
cpe:2.3:a:adobe:flash_player:18.0.0.209:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 18.0.0.232
cpe:2.3:a:adobe:flash_player:18.0.0.232:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » AIR
Versions up to, including, (<=) 18.0.0.199
cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » AIR
Versions up to, including, (<=) 18.0.0.143
cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*
Matching versions
Adobe » Air Sdk & Compiler
Versions up to, including, (<=) 18.0.0.180
cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Air Sdk
Versions up to, including, (<=) 18.0.0.199
cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Google » Android
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2015-5570

Exploit prediction scoring system (EPSS) score for CVE-2015-5570

CVSS scores for CVE-2015-5570

References for CVE-2015-5570

Products affected by CVE-2015-5570