Executive Summary

Informations
Name CVE-2015-0311 First vendor Publication 2015-01-23
Vendor Cve Last vendor Modification 2015-02-14

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0311

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:28471
 
Oval ID: oval:org.mitre.oval:def:28471
Title: Adobe Flash Player 14.x though 16.0.0.287 and 13.x through 13.0.0.262 can cause a crash and potentially allow an attacker to take control of the Windows platform
Description: Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.
Family: windows Class: vulnerability
Reference(s): APSA15-01
CVE-2015-0311
Version: 7
Platform(s): Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Microsoft Windows Server 2012
Microsoft Windows 8
Microsoft Windows Server 2012 R2
Microsoft Windows 8.1
Product(s): Adobe Flash Player
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 337

OpenVAS Exploits

Date Description
2013-03-28 Name : Adobe Air Multiple Vulnerabilities - December12 (Mac OS X)
File : nvt/gb_adobe_air_mult_vuln_dec12_macosx.nasl
2013-03-28 Name : Adobe Air Multiple Vulnerabilities - December12 (Windows)
File : nvt/gb_adobe_air_mult_vuln_dec12_win.nasl
2012-12-14 Name : Adobe Flash Player Multiple Vulnerabilities - December12 (Linux)
File : nvt/gb_adobe_flash_player_mult_vuln_dec12_lin.nasl
2012-12-14 Name : Adobe Flash Player Multiple Vulnerabilities - December12 (Mac OS X)
File : nvt/gb_adobe_prdts_mult_vuln_dec12_macosx.nasl
2012-12-14 Name : Adobe Flash Player Multiple Vulnerabilities - December12 (Windows)
File : nvt/gb_adobe_prdts_mult_vuln_dec12_win.nasl

Snort® IPS/IDS

Date Description
2016-03-15 Adobe Flash Player ByteArray domainMemory use after free attempt
RuleID : 37628 - Revision : 3 - Type : FILE-FLASH
2016-03-15 Adobe Flash Player ByteArray domainMemory use after free attempt
RuleID : 37627 - Revision : 3 - Type : FILE-FLASH
2016-03-14 Adobe Flash Player ByteArray domainMemory use after free attempt
RuleID : 36157 - Revision : 3 - Type : FILE-FLASH
2016-03-14 Adobe Flash Player ByteArray domainMemory use after free attempt
RuleID : 36156 - Revision : 3 - Type : FILE-FLASH
2016-03-14 Adobe Flash Player ByteArray domainMemory use after free attempt
RuleID : 36155 - Revision : 3 - Type : FILE-FLASH
2016-03-14 Adobe Flash Player ByteArray domainMemory use after free attempt
RuleID : 36154 - Revision : 3 - Type : FILE-FLASH
2015-08-04 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 35049 - Revision : 3 - Type : FILE-FLASH
2015-08-04 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 35048 - Revision : 4 - Type : FILE-FLASH
2015-04-30 Nuclear exploit kit obfuscated file download
RuleID : 33983 - Revision : 5 - Type : EXPLOIT-KIT
2015-04-30 Nuclear exploit kit landing page detected
RuleID : 33982 - Revision : 3 - Type : EXPLOIT-KIT
2015-04-30 Nuclear exploit kit flash file download
RuleID : 33981 - Revision : 4 - Type : EXPLOIT-KIT
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33410 - Revision : 4 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33409 - Revision : 3 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33408 - Revision : 4 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33407 - Revision : 3 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33406 - Revision : 4 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33405 - Revision : 3 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33404 - Revision : 4 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33403 - Revision : 3 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33402 - Revision : 4 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33401 - Revision : 3 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33400 - Revision : 4 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33399 - Revision : 3 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33398 - Revision : 4 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33397 - Revision : 3 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33396 - Revision : 4 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33395 - Revision : 3 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33394 - Revision : 4 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33393 - Revision : 3 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33392 - Revision : 4 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33391 - Revision : 3 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33390 - Revision : 4 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33389 - Revision : 3 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33388 - Revision : 4 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33387 - Revision : 3 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33386 - Revision : 4 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33385 - Revision : 3 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33384 - Revision : 4 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33383 - Revision : 3 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33382 - Revision : 4 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33381 - Revision : 3 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33380 - Revision : 4 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33379 - Revision : 3 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33378 - Revision : 4 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33377 - Revision : 3 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33376 - Revision : 4 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33375 - Revision : 3 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33374 - Revision : 4 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33373 - Revision : 3 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33372 - Revision : 4 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33371 - Revision : 3 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33370 - Revision : 4 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33369 - Revision : 3 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33368 - Revision : 4 - Type : FILE-FLASH
2015-03-12 Adobe Flash Player ByteArray uncompress domainMemory use after free attempt
RuleID : 33367 - Revision : 4 - Type : FILE-FLASH
2015-03-04 Angler exploit kit Adobe Flash SWF exploit download
RuleID : 33274 - Revision : 2 - Type : EXPLOIT-KIT
2015-03-04 Angler exploit kit Adobe Flash SWF exploit download
RuleID : 33273 - Revision : 2 - Type : EXPLOIT-KIT
2015-03-04 Angler exploit kit Adobe Flash SWF exploit download
RuleID : 33272 - Revision : 2 - Type : EXPLOIT-KIT
2015-03-04 Angler exploit kit Adobe Flash SWF exploit download
RuleID : 33271 - Revision : 3 - Type : EXPLOIT-KIT

Metasploit Database

id Description
2014-04-28 Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free
2014-04-28 Adobe Flash Player ByteArray UncompressViaZlibVariant Use After Free

Nessus® Vulnerability Scanner

Date Description
2015-07-09 Name : The remote Windows host has a browser plugin installed that is affected by mu...
File : smb_kb3065823.nasl - Type : ACT_GATHER_INFO
2015-06-24 Name : The remote Windows host has a browser plugin installed that is affected by a ...
File : smb_kb3074219.nasl - Type : ACT_GATHER_INFO
2015-06-09 Name : The remote Windows host has a browser plugin installed that is affected by mu...
File : smb_kb3065820.nasl - Type : ACT_GATHER_INFO
2015-05-12 Name : The remote Windows host has a browser plugin installed that is affected by mu...
File : smb_kb3061904.nasl - Type : ACT_GATHER_INFO
2015-04-16 Name : The remote Windows host has a browser plugin that is affected by multiple vul...
File : smb_kb3049508.nasl - Type : ACT_GATHER_INFO
2015-03-13 Name : The remote Windows host has a browser plugin that is affected by multiple vul...
File : smb_kb3044132.nasl - Type : ACT_GATHER_INFO
2015-02-09 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201502-02.nasl - Type : ACT_GATHER_INFO
2015-02-06 Name : The remote Windows host has a browser plugin that is affected by multiple vul...
File : smb_kb3021953.nasl - Type : ACT_GATHER_INFO
2015-01-30 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-81.nasl - Type : ACT_GATHER_INFO
2015-01-29 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_flash-player-150127.nasl - Type : ACT_GATHER_INFO
2015-01-28 Name : The remote Windows host has a browser plugin that is affected by multiple cod...
File : smb_kb3035034.nasl - Type : ACT_GATHER_INFO
2015-01-28 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2015-0094.nasl - Type : ACT_GATHER_INFO
2015-01-28 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2015-78.nasl - Type : ACT_GATHER_INFO
2015-01-27 Name : The remote Mac OS X host contains a web browser that is affected by multiple ...
File : macosx_google_chrome_40_0_2214_93.nasl - Type : ACT_GATHER_INFO
2015-01-27 Name : The remote Windows host contains a web browser that is affected by multiple r...
File : google_chrome_40_0_2214_93.nasl - Type : ACT_GATHER_INFO
2015-01-27 Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_37a87adea59f11e4958e0011d823eebd.nasl - Type : ACT_GATHER_INFO
2015-01-26 Name : The remote Mac OS X host has a browser plugin that is affected by multiple co...
File : macosx_flash_player_16_0_0_296.nasl - Type : ACT_GATHER_INFO
2015-01-26 Name : The remote Windows host has a browser plugin that is affected by multiple cod...
File : flash_player_apsa15-01.nasl - Type : ACT_GATHER_INFO
2015-01-23 Name : The remote Windows host has a browser plugin that is affected by an informati...
File : smb_kb3033408.nasl - Type : ACT_GATHER_INFO
2015-01-13 Name : The remote Windows host has a browser plugin that is affected by multiple vul...
File : smb_kb3024663.nasl - Type : ACT_GATHER_INFO
2014-12-09 Name : The remote Windows host has a browser plugin that is affected by multiple vul...
File : smb_kb3008925.nasl - Type : ACT_GATHER_INFO
2014-11-25 Name : The remote Windows host has a browser plugin that is affected by a remote cod...
File : smb_kb3018943.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote Windows host has a browser plugin that is affected by multiple vul...
File : smb_kb3004150.nasl - Type : ACT_GATHER_INFO
2014-04-08 Name : The remote host has an ActiveX control installed that is affected by multiple...
File : smb_kb2942844.nasl - Type : ACT_GATHER_INFO
2014-03-11 Name : The remote host has an ActiveX control installed that is affected by multiple...
File : smb_kb2938527.nasl - Type : ACT_GATHER_INFO
2014-02-20 Name : The remote host has an ActiveX control installed that is affected by multiple...
File : smb_kb2934802.nasl - Type : ACT_GATHER_INFO
2014-02-04 Name : The remote host has an ActiveX control installed that is affected by a remote...
File : smb_kb2929825.nasl - Type : ACT_GATHER_INFO
2014-01-14 Name : The remote host has an ActiveX control installed that is affected by multiple...
File : smb_kb2916626.nasl - Type : ACT_GATHER_INFO
2013-12-11 Name : The remote host has an ActiveX control installed that is affected by memory c...
File : smb_kb2907997.nasl - Type : ACT_GATHER_INFO
2013-11-13 Name : The remote host has an ActiveX control installed that is affected by memory c...
File : smb_kb2898108.nasl - Type : ACT_GATHER_INFO
2013-09-11 Name : The remote host has an ActiveX control installed that is affected by memory c...
File : smb_kb2880289.nasl - Type : ACT_GATHER_INFO
2013-07-10 Name : The remote host has an ActiveX control installed that is affected by memory c...
File : smb_kb2857645.nasl - Type : ACT_GATHER_INFO
2013-06-11 Name : The remote host has an ActiveX control installed that is affected by memory c...
File : smb_kb2847928.nasl - Type : ACT_GATHER_INFO
2013-05-15 Name : The remote host has an ActiveX control installed that is potentially affected...
File : smb_kb2837385.nasl - Type : ACT_GATHER_INFO
2013-04-10 Name : The remote host has an ActiveX control installed that is potentially affected...
File : smb_kb2833510.nasl - Type : ACT_GATHER_INFO
2013-03-13 Name : The remote host has an ActiveX control installed that is potentially affected...
File : smb_kb2824670.nasl - Type : ACT_GATHER_INFO
2013-02-27 Name : The remote host has an ActiveX control installed that is potentially affected...
File : smb_kb2819372.nasl - Type : ACT_GATHER_INFO
2013-01-09 Name : The remote host has a vulnerable ActiveX control installed.
File : smb_kb2796096.nasl - Type : ACT_GATHER_INFO
2012-12-11 Name : The remote host has an ActiveX control installed with multiple vulnerabilities.
File : smb_kb2785605.nasl - Type : ACT_GATHER_INFO
2012-10-10 Name : The remote host has an ActiveX control installed with multiple vulnerabilities.
File : smb_kb2758994.nasl - Type : ACT_GATHER_INFO
2012-09-21 Name : The remote host has an ActiveX control installed with multiple vulnerabilities.
File : smb_kb2755399.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/72283
CONFIRM http://helpx.adobe.com/security/products/flash-player/apsa15-01.html
http://helpx.adobe.com/security/products/flash-player/apsb15-03.html
https://technet.microsoft.com/library/security/2755801
GENTOO http://security.gentoo.org/glsa/glsa-201502-02.xml
MISC http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-fla...
SECTRACK http://www.securitytracker.com/id/1031597
SECUNIA http://secunia.com/advisories/62432
http://secunia.com/advisories/62543
http://secunia.com/advisories/62650
http://secunia.com/advisories/62660
http://secunia.com/advisories/62740
SUSE http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00031.html

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
Date Informations
2020-05-23 13:17:06
  • Multiple Updates
2020-05-23 01:54:15
  • Multiple Updates
2020-05-23 00:43:27
  • Multiple Updates
2019-08-27 12:06:54
  • Multiple Updates
2019-07-30 12:06:53
  • Multiple Updates
2019-07-17 12:06:42
  • Multiple Updates
2019-06-15 12:06:31
  • Multiple Updates
2018-10-30 12:07:28
  • Multiple Updates
2018-03-02 01:01:31
  • Multiple Updates
2017-09-08 12:04:51
  • Multiple Updates
2016-11-04 12:02:48
  • Multiple Updates
2016-10-18 12:04:13
  • Multiple Updates
2016-10-15 12:03:45
  • Multiple Updates
2016-09-21 12:01:42
  • Multiple Updates
2016-07-14 12:01:09
  • Multiple Updates
2016-06-29 00:44:35
  • Multiple Updates
2016-04-27 01:41:07
  • Multiple Updates
2015-08-04 21:26:00
  • Multiple Updates
2015-05-23 00:25:29
  • Multiple Updates
2015-04-30 21:26:06
  • Multiple Updates
2015-03-12 21:23:49
  • Multiple Updates
2015-03-11 21:22:29
  • Multiple Updates
2015-03-04 21:23:17
  • Multiple Updates
2015-02-14 09:22:58
  • Multiple Updates
2015-02-13 17:23:29
  • Multiple Updates
2015-02-12 00:23:01
  • Multiple Updates
2015-02-11 09:23:49
  • Multiple Updates
2015-02-10 13:24:19
  • Multiple Updates
2015-02-06 09:23:20
  • Multiple Updates
2015-01-31 13:23:11
  • Multiple Updates
2015-01-30 13:24:25
  • Multiple Updates
2015-01-29 13:24:21
  • Multiple Updates
2015-01-28 17:23:38
  • Multiple Updates
2015-01-28 13:24:09
  • Multiple Updates
2015-01-27 13:23:38
  • Multiple Updates
2015-01-26 21:25:10
  • Multiple Updates
2015-01-24 05:25:58
  • First insertion