10
CVSSv2

CVE-2015-5560

Published: 14/08/2015 Updated: 05/01/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Integer overflow in Adobe Flash Player prior to 18.0.0.232 on Windows and OS X and prior to 11.2.202.508 on Linux, Adobe AIR prior to 18.0.0.199, Adobe AIR SDK prior to 18.0.0.199, and Adobe AIR SDK & Compiler prior to 18.0.0.199 allows malicious users to execute arbitrary code via unspecified vectors.

Vulnerability Trend

Vendor Advisories

Integer overflow in Adobe Flash Player before 1800232 on Windows and OS X and before 112202508 on Linux, Adobe AIR before 1800199, Adobe AIR SDK before 1800199, and Adobe AIR SDK & Compiler before 1800199 allows attackers to execute arbitrary code via unspecified vectors ...

Exploits

Source: codegooglecom/p/google-security-research/issues/detail?id=443&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id If an mp3 file contains compressed ID3 data that is larger than 0x2aaaaaaa bytes, an integer overflow will occur in allocating the buffer to contain its converted string data, leading to ...

Github Repositories

CVE-Study CVE id CVSS Type CVE-2017-12762 100 BOF CVE-2017-0561 100 - CVE-2017-11176 100 UAF CVE-2017-8890 100 CVE-2017-7895 100 CVE-2017-3106 93 CVE-2017-3064 93 CVE-2017-0430 93 CVE-2017-0429 93 CVE-2017-0428 93 CVE-2017-0427 93 CVE-2017-0528 93 CVE-2017-0510 93 CVE-2017-0508 93 CVE-2017-0507 93 CVE-2017-0455 93

Recent Articles

You can’t be invulnerable, but you can be well protected
Securelist • Vyacheslav Zakorzhevsky • 23 Dec 2015

Software vulnerabilities are one of those problems that potentially affect all users. A vulnerability is a fault in a program’s implementation that can be used by attackers to gain unauthorized access to data, inject malicious code or put a system out of operation. In most cases, vulnerabilities arise from a lack of attention to fine details at the design stage rather than programming errors. Sometimes a system can seem virtually invulnerable at the design stage, but then, at some point, a new...

Attacking Diffie-Hellman protocol implementation in the Angler Exploit Kit
Securelist • Victor Alyushin Dmitry Vinogradov Vasily Davydov Anton Ivanov • 08 Sep 2015

Exploit kit creators have been inventing increasingly interesting methods of masking their exploits, shellcodes, and payloads so that it is harder for analysts to define the type of the exploit and know what actions they may perform.
Several days ago analysts found the usage of the Diffie-Hellman cryptographic protocol in the Angler Exploit Kit, which is one of the most popular exploit kits at the moment. This protocol was developed more than 40 years ago, but that is the first known case ...

Angler plonks August's Flash feeding frenzy into its boat
The Register • Darren Pauli • 07 Sep 2015

If you're not patching Flash you're even stupider than those who still rely on it

Crooks behind the world's worst exploit kit, Angler, have added the latest Adobe Flash vulnerabilities to the suite's long list of attack vectors.
Angler now sports support for some of the 35 Flash player holes detailed and patched last month that includes eight memory corruption flaws and five type confusion bugs.
French malware man Kafeine said that Angler had added an integer overflow (CVE-2015-5560) that allows for arbitrary code execution via unspecified vectors.
It affect...