Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.
Published 2015-01-23 21:59:05
Updated 2015-02-14 03:00:02
View at NVD,   CVE.org
Vulnerability category: Execute code

CVE-2015-0311 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:
Adobe Flash Player Remote Code Execution Vulnerability
CISA required action:
The impacted product is end-of-life and should be disconnected if still in use.
CISA description:
Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code.
Added on 2022-04-13 Action due date 2022-05-04

Exploit prediction scoring system (EPSS) score for CVE-2015-0311

97.28%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2015-0311

  • Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free
    Disclosure Date: 2014-04-28
    First seen: 2020-04-26
    exploit/multi/browser/adobe_flash_uncompress_zlib_uaf
    This module exploits a use after free vulnerability in Adobe Flash Player. The vulnerability occurs in the ByteArray::UncompressViaZlibVariant method, when trying to uncompress() a malformed byte stream. This module has been tested successfully on: * Windows

CVSS scores for CVE-2015-0311

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
10.0
HIGH AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
NIST

References for CVE-2015-0311

Products affected by CVE-2015-0311

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!