Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2015-5560

Published: 14/08/2015 Updated: 05/01/2018
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Flash Player

Vulnerability Summary

Integer overflow in Adobe Flash Player prior to 18.0.0.232 on Windows and OS X and prior to 11.2.202.508 on Linux, Adobe AIR prior to 18.0.0.199, Adobe AIR SDK prior to 18.0.0.199, and Adobe AIR SDK & Compiler prior to 18.0.0.199 allows malicious users to execute arbitrary code via unspecified vectors.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

adobe flash_player

adobe air sdk \\& compiler

adobe air sdk

adobe air

Vendor Advisories

Red Hat: CVE-2015-5560
Integer overflow in Adobe Flash Player before 1800232 on Windows and OS X and before 112202508 on Linux, Adobe AIR before 1800199, Adobe AIR SDK before 1800199, and Adobe AIR SDK & Compiler before 1800199 allows attackers to execute arbitrary code via unspecified vectors ...

Exploits

Exploit DB: Adobe Flash - Overflow in ID3 Tag Parsing
Source: codegooglecom/p/google-security-research/issues/detail?id=443&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id If an mp3 file contains compressed ID3 data that is larger than 0x2aaaaaaa bytes, an integer overflow will occur in allocating the buffer to contain its converted string data, leading to ...

Recent Articles

You can’t be invulnerable, but you can be well protected
Securelist • Vyacheslav Zakorzhevsky • 23 Dec 2015

Software vulnerabilities are one of those problems that potentially affect all users. A vulnerability is a fault in a program’s implementation that can be used by attackers to gain unauthorized access to data, inject malicious code or put a system out of operation. In most cases, vulnerabilities arise from a lack of attention to fine details at the design stage rather than programming errors. Sometimes a system can seem virtually invulnerable at the design stage, but then, at some point, a new...

Read more...
Attacking Diffie-Hellman protocol implementation in the Angler Exploit Kit
Securelist • Victor Alyushin Dmitry Vinogradov Vasily Davydov Anton Ivanov • 08 Sep 2015

Exploit kit creators have been inventing increasingly interesting methods of masking their exploits, shellcodes, and payloads so that it is harder for analysts to define the type of the exploit and know what actions they may perform. Several days ago analysts found the usage of the Diffie-Hellman cryptographic protocol in the Angler Exploit Kit, which is one of the most popular exploit kits at the moment. This protocol was developed more than 40 years ago, but that is the first known case of its...

Read more...
Angler plonks August's Flash feeding frenzy into its boat
The Register • Darren Pauli • 07 Sep 2015

If you're not patching Flash you're even stupider than those who still rely on it

Crooks behind the world's worst exploit kit, Angler, have added the latest Adobe Flash vulnerabilities to the suite's long list of attack vectors. Angler now sports support for some of the 35 Flash player holes detailed and patched last month that includes eight memory corruption flaws and five type confusion bugs. French malware man Kafeine said that Angler had added an integer overflow (CVE-2015-5560) that allows for arbitrary code execution via unspecified vectors. It affects unpatched Adobe ...

Read more...

References

CWE-189https://helpx.adobe.com/security/products/flash-player/apsb15-19.htmlhttp://www.securityfocus.com/bid/76289http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.htmlhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388https://security.gentoo.org/glsa/201508-01https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722http://www.securitytracker.com/id/1033235http://rhn.redhat.com/errata/RHSA-2015-1603.htmlhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/37882/https://access.redhat.com/security/cve/cve-2015-5560
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcodedarbitrary codeCVE-2024-2404CVE-2024-21111CVE-2024-28627CVE-2024-4073information disclosureCVE-2024-32780CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook