Vulnerability Details: CVE-2015-0313
Public exploit exists!
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.
Vulnerability category: Memory Corruption, Execute code
Products affected by CVE-2015-0313
- cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*
- cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*
CVE-2015-0313 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name: Adobe Flash Player Use-After-Free Vulnerability
CISA required action: The impacted product is end-of-life and should be disconnected if still in use.
CISA description: Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2015-0313
Added on: 2022-04-13
Action due date: 2022-05-04
Exploit prediction scoring system (EPSS) score for CVE-2015-0313
EPSS score: 93.40% (probability of exploitation activity in the next 30 days)
Percentile: ~100% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2015-0313
- Adobe Flash Player ByteArray With Workers Use After Free
  Disclosure Date: 2015-02-02
  First seen: 2020-04-26
  Module: exploit/windows/browser/adobe_flash_worker_byte_array_uaf
  This module exploits a use-after-free vulnerability in Adobe Flash Player. The vulnerability occurs when the ByteArray assigned to the current ApplicationDomain is freed from an ActionScript worker, which can fill the memory and notify the main thread to corrupt the
CVSS scores for CVE-2015-0313
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-02-04 |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | 2024-07-02 |
CWE ids for CVE-2015-0313
- The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
  Assigned by:
  - 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
  - nvd@nist.gov (Primary)
References for CVE-2015-0313
- http://secunia.com/advisories/62528
  Tags: Broken Link
- http://www.osvdb.org/117853
  Tags: Broken Link
- https://technet.microsoft.com/library/security/2755801
  Microsoft Security Advisory 2755801 | Microsoft Docs
  Tags: Patch; Vendor Advisory
- https://www.exploit-db.com/exploits/36579/
  Tags: Exploit; Third Party Advisory; VDB Entry
- http://www.securityfocus.com/bid/72429
  Tags: Broken Link; Third Party Advisory; VDB Entry
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html
  Tags: Mailing List; Third Party Advisory
- https://helpx.adobe.com/security/products/flash-player/apsb15-04.html
  Tags: Broken Link
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html
  Tags: Mailing List; Third Party Advisory
- http://secunia.com/advisories/62895
  Tags: Broken Link
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html
  Tags: Mailing List; Third Party Advisory
- http://packetstormsecurity.com/files/131189/Adobe-Flash-Player-ByteArray-With-Workers-Use-After-Free.html
  Adobe Flash Player ByteArray With Workers Use After Free ≈ Packet Storm
  Tags: Exploit; Third Party Advisory; VDB Entry
- http://www.securitytracker.com/id/1031686
  Adobe Flash Player Use-After-Free Memory Error Lets Remote Users Execute Arbitrary Code - SecurityTracker
  Tags: Broken Link; Third Party Advisory; VDB Entry
- https://helpx.adobe.com/security/products/flash-player/apsa15-02.html
  Adobe Security Bulletin
  Tags: Vendor Advisory
- http://secunia.com/advisories/62777
  Tags: Broken Link
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100641
  Adobe Flash Player code execution CVE-2015-0313 Vulnerability Report
  Tags: Third Party Advisory; VDB Entry
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html
  [security-announce] SUSE-SU-2015:0236-1: critical: Security update for f
  Tags: Mailing List; Third Party Advisory