CVE-2015-3101 : The Flash broker in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x b

The Flash broker in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, when Internet Explorer is used, allows attackers to perform a transition from Low Integrity to Medium Integrity via unspecified vectors.

Published 2015-06-10 01:59:44

Updated 2025-04-12 10:46:41

Source Adobe Systems Incorporated

View at NVD, CVE.org

Products affected by CVE-2015-3101

Adobe » Flash Player
Versions up to, including, (<=) 13.0.0.289
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player
Versions up to, including, (<=) 11.2.202.460
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Adobe » Flash Player » Version: 14.0.0.125
cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 14.0.0.145
cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 14.0.0.179
cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 14.0.0.176
cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 15.0.0.246
cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 15.0.0.152
cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 16.0.0.257
cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 16.0.0.287
cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 15.0.0.167
cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 15.0.0.189
cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 16.0.0.296
cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 17.0.0.134
cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 17.0.0.169
cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 16.0.0.235
cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 15.0.0.223
cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 15.0.0.239
cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player » Version: 17.0.0.188
cpe:2.3:a:adobe:flash_player:17.0.0.188:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » AIR
Versions up to, including, (<=) 17.0.0.144
cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*
Matching versions
Adobe » AIR
Versions up to, including, (<=) 17.0.0.172
cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Air Sdk & Compiler
Versions up to, including, (<=) 17.0.0.172
cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Air Sdk
Versions up to, including, (<=) 17.0.0.172
cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Google » Android
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-3101

EPSS FAQ

0.47%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 62 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-3101

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2015-3101

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-3101

https://helpx.adobe.com/security/products/flash-player/apsb15-11.html

Adobe Security Bulletin
Patch;Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/75089

Adobe Flash Player and AIR CVE-2015-3101 Remote Privilege Escalation Vulnerability
https://security.gentoo.org/glsa/201506-01

Adobe Flash Player: Multiple vulnerabilities (GLSA 201506-01) — Gentoo security

CVEs referencing this url
http://www.securitytracker.com/id/1032519

Adobe Flash Player Multiple Bugs Let Remote Users Bypass ASLR, Obtain Potentially Sensitive Information, and Execute Arbitrary Code - SecurityTracker

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2015-3101

Products affected by CVE-2015-3101

Exploit prediction scoring system (EPSS) score for CVE-2015-3101

CVSS scores for CVE-2015-3101

CWE ids for CVE-2015-3101

References for CVE-2015-3101