CVE-2015-0313

Published: 02/02/2015 Updated: 08/09/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Use-after-free vulnerability in Adobe Flash Player prior to 13.0.0.269 and 14.x up to and including 16.x prior to 16.0.0.305 on Windows and OS X and prior to 11.2.202.442 on Linux allows remote malicious users to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.

Vulnerable Product

adobe flash_player

adobe flash_player 14.0.0.145

adobe flash_player 14.0.0.176

adobe flash_player 16.0.0.287

adobe flash_player 16.0.0.257

adobe flash_player 14.0.0.125

adobe flash_player 16.0.0.235

adobe flash_player 16.0.0.296

adobe flash_player 15.0.0.189

adobe flash_player 15.0.0.223

adobe flash_player 14.0.0.179

adobe flash_player 15.0.0.152

adobe flash_player 15.0.0.239

adobe flash_player 15.0.0.246

adobe flash_player 15.0.0.167

Vendor Advisories

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2 ...

Exploits

This Metasploit module exploits a use-after-free vulnerability in Adobe Flash Player. The vulnerability occurs when the ByteArray assigned to the current ApplicationDomain is freed from an ActionScript worker, which can fill the memory and notify the main thread to corrupt the new contents. This Metasploit module has been tested successfully on Wind ...

    ##
    # This module requires Metasploit: metasploit.com/download
    # Current source: github.com/rapid7/metasploit-framework
    ##

    require 'msf/core'

    class Metasploit3 < Msf::Exploit::Remote
      Rank = NormalRanking

      include Msf::Exploit::Powershell
      include Msf::Exploit::Remote::BrowserExploitServer

      def initialize(info={})
        super ...

Source: github.com/SecurityObscurity/cve-2015-0313
PoC: github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/36491.zip
Adobe Flash vulnerability source code (cve-2015-0313) from Angler Exploit Kit
Reference: blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-new-adobe-flash-zer ...

Github Repositories

rat

CVE-2015-0313
Adobe Flash vulnerability source code (cve-2015-0313) from Angler Exploit Kit
Reference:
blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-new-adobe-flash-zero-day-exploit-used-in-malvertisements/
malware.dontneedcoffee.com/2015/02/cve-2015-0313-flash-up-to-1600296-and.html
helpx.adobe.com/security/products/flash-play

Recent Articles

Rap for fap stack in hack trap flap: This XXX site caught an STI (Script Transmitted Infection)
The Register • Shaun Nichols in San Francisco • 19 Feb 2015

If you surfed to this grumble-flick palace, check yourself

Blue movie website RedTube was stiffed over the weekend by a hacker who gave the site a rather nasty infection. The porno purveyor inadvertently spread the seed of malware after a hacker compromised its servers and tweaked its homepage – exposing visitors to malicious code that attempted to exploit a security vulnerability in Adobe Flash. According to researchers at MalwareBytes, an HTML iframe was used to silently thrust a web page hosting the Angler Exploit Kit at browsers. This software nas...

Trouble comes in threes: Yet ANOTHER Flash 0-day vuln patch looming
The Register • John Leyden • 02 Feb 2015

Even Firefox users are at risk (plus IE folk, but that goes without saying)

Adobe plans to patch Flash yet again after yet another zero-day vulnerability in the web video software leaves PCs prone to hijacking. The PSA15-02 security advisory details a security hole that hackers are already exploiting to compromise vulnerable systems. An upcoming update to squash the critical bug makes it three patches in just two weeks for Flash. Adobe Flash Player 16.0.0.296 and earlier versions for Windows and Macintosh, 13.0.0.264 and earlier 13.x versions, as well as Adobe Flash Pla...