Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Published 2015-06-10 01:59:47
Updated 2016-12-31 02:59:27
View at NVD,   CVE.org
Vulnerability category: OverflowMemory CorruptionExecute codeDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2015-3105

97.38%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2015-3105

  • Adobe Flash Player Drawing Fill Shader Memory Corruption
    Disclosure Date: 2015-05-12
    First seen: 2020-04-26
    exploit/multi/browser/adobe_flash_shader_drawing_fill
    This module exploits a memory corruption happening when applying a Shader as a drawing fill as exploited in the wild on June 2015. This module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 17.0.0.188, Windows 7 SP1 (32-bit), Firefox 3

CVSS scores for CVE-2015-3105

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
10.0
HIGH AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
NIST

CWE ids for CVE-2015-3105

References for CVE-2015-3105

Products affected by CVE-2015-3105

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!