Published: 10/06/2015 Updated: 31/12/2016

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 891

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Integer overflow in Adobe Flash Player prior to 13.0.0.292 and 14.x up to and including 18.x prior to 18.0.0.160 on Windows and OS X and prior to 11.2.202.466 on Linux, Adobe AIR prior to 18.0.0.144 on Windows and prior to 18.0.0.143 on OS X and Android, Adobe AIR SDK prior to 18.0.0.144 on Windows and prior to 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler prior to 18.0.0.144 on Windows and prior to 18.0.0.143 on OS X allows malicious users to execute arbitrary code via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
adobe air
google android
adobe air_sdk_\\&_compiler
adobe air_sdk
adobe flash_player
adobe flash_player 14.0.0.179
adobe flash_player 15.0.0.152
adobe flash_player 16.0.0.257
adobe flash_player 14.0.0.125
adobe flash_player 15.0.0.223
adobe flash_player 15.0.0.239
adobe flash_player 17.0.0.169
adobe flash_player 17.0.0.188
adobe flash_player 16.0.0.287
adobe flash_player 15.0.0.167
adobe flash_player 15.0.0.189
adobe flash_player 16.0.0.296
adobe flash_player 17.0.0.134
adobe flash_player 14.0.0.145
adobe flash_player 14.0.0.176
adobe flash_player 15.0.0.246
adobe flash_player 16.0.0.235

Integer overflow in Adobe Flash Player before 1300292 and 14x through 18x before 1800160 on Windows and OS X and before 112202466 on Linux, Adobe AIR before 1800144 on Windows and before 1800143 on OS X and Android, Adobe AIR SDK before 1800144 on Windows and before 1800143 on OS X, and Adobe AIR SDK & Compiler before 18 ...

Patching Flash binary to stop Flash exploits and zero-days

#HardenFlash - Patching Flash binary to stop Flash exploits and zero-days Introduction You probably know how bad it is for Flash security Five years ago we often heard of Flash-based zero-day attacks, 5 years later we are still facing the same situation (or even worse since we are in the "APT" era now) In Feb 2013, the author revealed the aka "Vector Spray&q

All efforts for the AWE course and preparation for the Offensive Security Exploitation Expert (OSEE) exam.

Advanced Windows Exploitation All efforts for the AWE course and preparation for the Offensive Security Exploitation Expert (OSEE) exam Study Strategy Several rounds of course content First round: Shellcoding on x64 Flash Player [Firefox x86] - Heap Internals (bypassing DEP, ASLR and Sandboxes) - CVE-2015-3104 Second round: VMWare Internals (guest-to-hosts escape) Symante

World's worst exploit kit now targeting point-of-sale systems

The Register • Darren Pauli • 31 Jul 2015

Eyes PoS vendors, web terminals.

Trend Micro researcher Anthony Joe Melgarejo says the sophisticated Angler exploit kit popular in cybercrime circles is now targeting point-of-sale (PoS) systems. It appears to be the first time an exploit kit has included PoS in its list of hackable platforms, putting them alongside the likes of Adobe Flash, Reader, Java, and Internet Explorer as targets crims think are low-hanging fruit. Melgarejo says Angler often establishes a network beachhead with a malvertising campaign targeting web PoS ...

CVE-2015-3104

Vulnerability Summary

Vendor Advisories

Github Repositories

Recent Articles

References

Vulmon Search

About

Products

Connect