Vulnerability Details : CVE-2015-8651
Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors.
Vulnerability category: OverflowExecute code
Products affected by CVE-2015-8651
- cpe:2.3:a:hp:version_control_repository_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:hp:systems_insight_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*
- cpe:2.3:a:hp:insight_control:*:*:*:*:*:*:*:*
- cpe:2.3:a:hp:matrix_operating_environment:7.6:*:*:*:*:*:*:*
- cpe:2.3:a:hp:insight_control_server_provisioning:*:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*
CVE-2015-8651 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Adobe Flash Player Integer Overflow Vulnerability
CISA required action:
The impacted product is end-of-life and should be disconnected if still in use.
CISA description:
Integer overflow in Adobe Flash Player allows attackers to execute code.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2015-8651
Added on
2022-05-25
Action due date
2022-06-15
Exploit prediction scoring system (EPSS) score for CVE-2015-8651
63.11%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-8651
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST | |
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-02-04 |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST | 2024-07-01 |
CWE ids for CVE-2015-8651
-
Assigned by: nvd@nist.gov (Primary)
-
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2015-8651
-
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680
HPSBMU03692 rev.1 - HPE Matrix Operating Environment, Multiple Remote VulnerabilitiesThird Party Advisory
-
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722
HPSBMU03691 rev.1 - HPE Insight Control, Multiple Remote VulnerabilitiesThird Party Advisory
-
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388
HPSBMU03668 rev.1 - HPE Systems Insight Manager using OpenSSL, Multiple Remote VulnerabilitiesThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00045.html
[security-announce] openSUSE-SU-2015:2400-1: important: Security updateMailing List;Third Party Advisory
-
https://helpx.adobe.com/security/products/flash-player/apsb16-01.html
Adobe Security BulletinNot Applicable;Patch;Vendor Advisory
-
https://security.gentoo.org/glsa/201601-03
Adobe Flash Player: Multiple vulnerabilities (GLSA 201601-03) — Gentoo securityThird Party Advisory
-
http://www.securityfocus.com/bid/79705
Adobe Flash Player and AIR CVE-2015-8651 Unspecified Integer Overflow VulnerabilityBroken Link;Third Party Advisory;VDB Entry
-
http://rhn.redhat.com/errata/RHSA-2015-2697.html
RHSA-2015:2697 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00047.html
[security-announce] SUSE-SU-2015:2402-1: important: Security update forMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00046.html
[security-announce] SUSE-SU-2015:2401-1: important: Security update forMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00048.html
[security-announce] openSUSE-SU-2015:2403-1: important: Security updateMailing List;Third Party Advisory
-
http://www.securitytracker.com/id/1034544
Adobe Flash Player Multiple Flaws Lets Remote Users Execute Arbitrary Code - SecurityTrackerBroken Link;Third Party Advisory;VDB Entry
Jump to