CVE-2015-3113

Published: 23/06/2015 Updated: 08/11/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Heap-based buffer overflow in Adobe Flash Player prior to 13.0.0.296 and 14.x up to and including 18.x prior to 18.0.0.194 on Windows and OS X and prior to 11.2.202.468 on Linux allows remote malicious users to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.

Vulnerable Product

adobe flash_player 14.0.0.176

adobe flash_player 14.0.0.179

adobe flash_player 16.0.0.257

adobe flash_player 16.0.0.287

adobe flash_player

adobe flash_player 15.0.0.189

adobe flash_player 15.0.0.223

adobe flash_player 15.0.0.239

adobe flash_player 17.0.0.169

adobe flash_player 17.0.0.188

adobe flash_player 14.0.0.125

adobe flash_player 14.0.0.145

adobe flash_player 15.0.0.246

adobe flash_player 16.0.0.235

adobe flash_player 18.0.0.161

adobe flash_player 15.0.0.152

adobe flash_player 15.0.0.167

adobe flash_player 16.0.0.296

adobe flash_player 17.0.0.134

Vendor Advisories

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015 ...

Exploits

##
# This module requires Metasploit: metasploit.com/download
# Current source: github.com/rapid7/metasploit-framework
##

require 'msf/core'

class MetasploitModule < Msf::Exploit::Remote
  Rank = GreatRanking

  include Msf::Exploit::Remote::BrowserExploitServer

  def initialize(info={})
    super(update_info(info,
      'Name' ...
This Metasploit module exploits a buffer overflow on Adobe Flash Player when handling nellymoser encoded audio inside a FLV video, as exploited in the wild on June 2015. This Metasploit module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.160, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.160, ...
This module exploits a buffer overflow on Adobe Flash Player when handling nellymoser encoded audio inside a FLV video, as exploited in the wild on June 2015. This module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.160, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 1 ...

Metasploit Modules

Adobe Flash Player Nellymoser Audio Decoding Buffer Overflow

This module exploits a buffer overflow on Adobe Flash Player when handling nellymoser encoded audio inside a FLV video, as exploited in the wild on June 2015. This module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.160, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.160, Windows 8.1, Firefox 38.0.5 and Adobe Flash 18.0.0.160, Linux Mint "Rebecca" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.466, and Ubuntu 14.04.2 LTS, Firefox 35.01, and Adobe Flash 11.2.202.466. Note that this exploit is effective against both CVE-2015-3113 and the earlier CVE-2015-3043, since CVE-2015-3113 is effectively a regression to the same root cause as CVE-2015-3043.

msf > use exploit/multi/browser/adobe_flash_nellymoser_bof
msf exploit(adobe_flash_nellymoser_bof) > show targets
    ...targets...
msf exploit(adobe_flash_nellymoser_bof) > set TARGET < target-id >
msf exploit(adobe_flash_nellymoser_bof) > show options
    ...show and set options...
msf exploit(adobe_flash_nellymoser_bof) > exploit

Recent Articles

Ransomware slinging exploit kit targets Flash remote code execution
The Register • Darren Pauli • 29 Jun 2015

CVE-2015-3113: Patch or pay.

Attackers have added a recent dangerous Adobe vulnerability to the Magnitude exploit kit, according to respected independent malware researcher "Kafeine". The remote code execution vulnerability (CVE-2015-3113) revealed last week allows attackers to hijack un-patched machines targeting Internet Explorer on Windows 7 and XP. Web villains designated APT 3 by FireEye sleuths are already exploiting the flaw through phishing attacks. Now the researcher known as Kafeine says the vulnerability has been...

Hackers exploit fresh PC hijack bug in Adobe Flash Player, the internet's screen door
The Register • Shaun Nichols in San Francisco • 23 Jun 2015

Patch now, or just dump the thing

Adobe is advising users and administrators to patch its Flash Player after yet another remote-code execution vulnerability was discovered in the plugin. The patch fixes bug CVE-2015-3113, which allows attackers to take control of a system if it opens a malicious Flash file. Miscreants are exploiting the flaw in the wild to hijack PCs, targeting Internet Explorer on Windows 7 and Firefox on Windows XP. Adobe credited researchers at FireEye in spotting and reporting the flaw. Miscreants are appare...