Vulnerability Details: CVE-2015-0313
Public exploit exists!
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.
Vulnerability category: Memory Corruption, Execute code
CVE-2015-0313 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name: Adobe Flash Player Use-After-Free Vulnerability
CISA required action: The impacted product is end-of-life and should be disconnected if still in use.
CISA description: Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code.
Added on: 2022-04-13
Action due date: 2022-05-04
Exploit prediction scoring system (EPSS) score for CVE-2015-0313
Probability of exploitation activity in the next 30 days: 97.29%
Percentile, the proportion of vulnerabilities that are scored at or less: ~100%
Metasploit modules for CVE-2015-0313
- Adobe Flash Player ByteArray With Workers Use After Free
  Disclosure Date: 2015-02-02
  First seen: 2020-04-26
  exploit/windows/browser/adobe_flash_worker_byte_array_uaf
  This module exploits a use-after-free vulnerability in Adobe Flash Player. The vulnerability occurs when the ByteArray assigned to the current ApplicationDomain is freed from an ActionScript worker, which can fill the memory and notify the main thread to corrupt the
CVSS scores for CVE-2015-0313
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
References for CVE-2015-0313
- http://www.osvdb.org/117853
- https://technet.microsoft.com/library/security/2755801
  Microsoft Security Advisory 2755801 | Microsoft Docs
- https://www.exploit-db.com/exploits/36579/
- http://www.securityfocus.com/bid/72429
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html
- https://helpx.adobe.com/security/products/flash-player/apsb15-04.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html
- http://packetstormsecurity.com/files/131189/Adobe-Flash-Player-ByteArray-With-Workers-Use-After-Free.html
  Adobe Flash Player ByteArray With Workers Use After Free ≈ Packet Storm
- http://www.securitytracker.com/id/1031686
  Adobe Flash Player Use-After-Free Memory Error Lets Remote Users Execute Arbitrary Code - SecurityTracker
- https://helpx.adobe.com/security/products/flash-player/apsa15-02.html
  Adobe Security Bulletin (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100641
  Adobe Flash Player code execution CVE-2015-0313 Vulnerability Report
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html
  [security-announce] SUSE-SU-2015:0236-1: critical: Security update for f
Products affected by CVE-2015-0313
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*