CVE-2015-6679 : Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and O

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.

Published 2015-09-22 10:59:21

Updated 2025-04-12 10:46:41

Source Adobe Systems Incorporated

View at NVD, CVE.org

Products affected by CVE-2015-6679

Adobe » Flash Player
Versions up to, including, (<=) 13.0.0.289
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Flash Player
Versions up to, including, (<=) 11.2.202.508
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel
Adobe » Flash Player » Version: 14.0.0.125
cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Flash Player » Version: 14.0.0.145
cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Flash Player » Version: 14.0.0.179
cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Flash Player » Version: 14.0.0.176
cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Flash Player » Version: 15.0.0.246
cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Flash Player » Version: 15.0.0.152
cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Flash Player » Version: 16.0.0.257
cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Flash Player » Version: 16.0.0.287
cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Flash Player » Version: 15.0.0.167
cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Flash Player » Version: 15.0.0.189
cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Flash Player » Version: 16.0.0.296
cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Flash Player » Version: 17.0.0.134
cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Flash Player » Version: 17.0.0.169
cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Flash Player » Version: 16.0.0.235
cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Flash Player » Version: 18.0.0.160
cpe:2.3:a:adobe:flash_player:18.0.0.160:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Flash Player » Version: 18.0.0.194
cpe:2.3:a:adobe:flash_player:18.0.0.194:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Flash Player » Version: 15.0.0.223
cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Flash Player » Version: 15.0.0.239
cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Flash Player » Version: 17.0.0.188
cpe:2.3:a:adobe:flash_player:17.0.0.188:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Flash Player » Version: 17.0.0.190
cpe:2.3:a:adobe:flash_player:17.0.0.190:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Flash Player » Version: 17.0.0.191
cpe:2.3:a:adobe:flash_player:17.0.0.191:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Flash Player » Version: 18.0.0.203
cpe:2.3:a:adobe:flash_player:18.0.0.203:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Flash Player » Version: 18.0.0.209
cpe:2.3:a:adobe:flash_player:18.0.0.209:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Flash Player » Version: 18.0.0.232
cpe:2.3:a:adobe:flash_player:18.0.0.232:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » AIR
Versions up to, including, (<=) 18.0.0.143
cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*
Matching versions
When used together with: Google » Android
Adobe » AIR
Versions up to, including, (<=) 18.0.0.199
cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Air Sdk & Compiler
Versions up to, including, (<=) 18.0.0.180
cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows
Adobe » Air Sdk
Versions up to, including, (<=) 18.0.0.199
cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
When used together with: Microsoft » Windows

Exploit prediction scoring system (EPSS) score for CVE-2015-6679

EPSS FAQ

3.42%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 87 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-6679

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2015-6679

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-6679

https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680

HPSBMU03692 rev.1 - HPE Matrix Operating Environment, Multiple Remote Vulnerabilities

CVEs referencing this url
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722

HPSBMU03691 rev.1 - HPE Insight Control, Multiple Remote Vulnerabilities

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html

[security-announce] SUSE-SU-2015:1618-1: important: Security update for

CVEs referencing this url
https://security.gentoo.org/glsa/201509-07

Adobe Flash Player: Multiple vulnerabilities (GLSA 201509-07) — Gentoo security

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html

[security-announce] SUSE-SU-2015:1614-1: important: Security update for

CVEs referencing this url
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388

HPSBMU03668 rev.1 - HPE Systems Insight Manager using OpenSSL, Multiple Remote Vulnerabilities

CVEs referencing this url
http://www.securitytracker.com/id/1033629

Adobe Flash Player Bugs Let Remote Users Obtain Potentially Sensitive Information and Execute Arbitrary Code - SecurityTracker

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2015-1814.html

RHSA-2015:1814 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841

HPSBHF03535 rev.3 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Multiple Remote Vulnerabilities

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html

[security-announce] openSUSE-SU-2015:1616-1: critical: Security update f

CVEs referencing this url
https://helpx.adobe.com/security/products/flash-player/apsb15-23.html

Adobe Security Bulletin
Patch;Vendor Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html

[security-announce] openSUSE-SU-2015:1781-1: critical: Security update f

CVEs referencing this url
http://www.securityfocus.com/bid/76806

Adobe Flash Player and AIR CVE-2015-6679 Same Origin Policy Security Bypass Vulnerability

Jump to

Vulnerability Details : CVE-2015-6679

Products affected by CVE-2015-6679

Exploit prediction scoring system (EPSS) score for CVE-2015-6679

CVSS scores for CVE-2015-6679

CWE ids for CVE-2015-6679

References for CVE-2015-6679