Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2015-3090

Published: 13/05/2015 Updated: 03/01/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Flash Player

Vulnerability Summary

Adobe Flash Player prior to 13.0.0.289 and 14.x up to and including 17.x prior to 17.0.0.188 on Windows and OS X and prior to 11.2.202.460 on Linux, Adobe AIR prior to 17.0.0.172, Adobe AIR SDK prior to 17.0.0.172, and Adobe AIR SDK & Compiler prior to 17.0.0.172 allow malicious users to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3078, CVE-2015-3089, and CVE-2015-3093.

Vulnerable Product Search on Vulmon Subscribe to Product

adobe flash_player 15.0.0.167

adobe flash_player 15.0.0.189

adobe flash_player 16.0.0.296

adobe flash_player 17.0.0.134

adobe flash_player 14.0.0.125

adobe flash_player 14.0.0.145

adobe flash_player 15.0.0.246

adobe flash_player 16.0.0.235

adobe flash_player 14.0.0.176

adobe flash_player 14.0.0.179

adobe flash_player 15.0.0.152

adobe flash_player 16.0.0.257

adobe flash_player 16.0.0.287

adobe flash_player

adobe flash_player 15.0.0.223

adobe flash_player 15.0.0.239

adobe flash_player 17.0.0.169

adobe air

adobe air sdk

adobe air sdk \\& compiler

Exploits

Exploit DB: Adobe Flash Player - ShaderJob Buffer Overflow (Metasploit)
## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## require 'msf/core' class Metasploit3 < Msf::Exploit::Remote Rank = GreatRanking include Msf::Exploit::Remote::BrowserExploitServer def initialize(info={}) super(update_info(info, 'Name' ...
Exploit DB: Adobe Flash Player ShaderJob Buffer Overflow
This Metasploit module exploits a buffer overflow vulnerability related to the ShaderJob workings on Adobe Flash Player The vulnerability happens when trying to apply a Shader setting up the same Bitmap object as src and destination of the ShaderJob Modifying the "width" attribute of the ShaderJob after starting the job it's possible to create a ...

Github Repositories

https://github.com/HaifeiLi/HardenFlash

Patching Flash binary to stop Flash exploits and zero-days

#HardenFlash - Patching Flash binary to stop Flash exploits and zero-days Introduction You probably know how bad it is for Flash security Five years ago we often heard of Flash-based zero-day attacks, 5 years later we are still facing the same situation (or even worse since we are in the "APT" era now) In Feb 2013, the author revealed the aka "Vector Spray&q

https://github.com/Xattam1/Adobe-Flash-Exploits_17-18

Converted Metasploit exploits for Adobe Flash vulnerabilities CVE-2015-3090, CVE-2015-3105, CVE-2015-5119, and CVE-2015-5122 to a Python3 script.

Adobe Flash Exploits CVE-2015-3090, CVE-2015-3105, CVE-2015-5119, and CVE-2015-5122 Python3 Script Converted Metasploit exploits for Adobe Flash vulnerabilities CVE-2015-3090, CVE-2015-3105, CVE-2015-5119, and CVE-2015-5122 to a Python3 script Information This script will host a web server that can exploit one of the following Adobe Flash vulnerabilities at a time: CVE-2015-3

https://github.com/Xattam1/Adobe-Flash-Exploits_CVE-2015-3090_CVE-2015-3105_CVE-2015-5119_CVE-2015-5122

Converted Metasploit exploits for Adobe Flash vulnerabilities CVE-2015-3090, CVE-2015-3105, CVE-2015-5119, and CVE-2015-5122 to a Python3 script.

Adobe Flash Exploits CVE-2015-3090, CVE-2015-3105, CVE-2015-5119, and CVE-2015-5122 Python3 Script Converted Metasploit exploits for Adobe Flash vulnerabilities CVE-2015-3090, CVE-2015-3105, CVE-2015-5119, and CVE-2015-5122 to a Python3 script Information This script will host a web server that can exploit one of the following Adobe Flash vulnerabilities at a time: CVE-2015-3

Recent Articles

Poison résumé attack gives ransomware a gig on the desktop
The Register • Darren Pauli • 12 Jun 2015

Multiple rival researchers warn of Cryptowall delivery ruse targeting employers

Security researchers are focussing their crosshairs on what appears to be high-volume spam and exploit campaigns to deliver the latest iteration of the Cryptowall ransomware. Boffins from the SANS Institute, Cisco, and MalwareBytes have identified a dangerous if goofy spam campaign slinging the nasty ransomware masquerading as file attachment bearing a résumé. SANS handler Brad Duncan says the two campaigns to foist Cryptowall 3.0, also known as Croti, appear to be the handiwork of one attacke...

Read more...

References

CWE-119https://helpx.adobe.com/security/products/flash-player/apsb15-09.htmlhttps://security.gentoo.org/glsa/201505-02http://www.securitytracker.com/id/1032285http://www.securityfocus.com/bid/74605http://rhn.redhat.com/errata/RHSA-2015-1005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.htmlhttps://nvd.nist.govhttps://github.com/HaifeiLi/HardenFlashhttps://www.exploit-db.com/exploits/37368/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook