10
CVSSv2

CVE-2015-5568

Published: 22/09/2015 Updated: 17/02/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Adobe Flash Player prior to 18.0.0.241 and 19.x prior to 19.0.0.185 on Windows and OS X and prior to 11.2.202.521 on Linux, Adobe AIR prior to 19.0.0.190, Adobe AIR SDK prior to 19.0.0.190, and Adobe AIR SDK & Compiler prior to 19.0.0.190 allow attackers to cause a denial of service (vector-length corruption) or possibly have unspecified other impact via unknown vectors.

Affected Products

Vendor Product Versions
AdobeAir18.0.0.143, 18.0.0.199
AdobeAir Sdk18.0.0.199
AdobeAir Sdk & Compiler18.0.0.180
AdobeFlash Player11.2.202.508, 13.0.0.289, 14.0.0.125, 14.0.0.145, 14.0.0.176, 14.0.0.179, 15.0.0.152, 15.0.0.167, 15.0.0.189, 15.0.0.223, 15.0.0.239, 15.0.0.246, 16.0.0.235, 16.0.0.257, 16.0.0.287, 16.0.0.296, 17.0.0.134, 17.0.0.169, 17.0.0.188, 17.0.0.190, 17.0.0.191, 18.0.0.160, 18.0.0.194, 18.0.0.203, 18.0.0.209, 18.0.0.232
GoogleAndroid*

Exploits

Source: codegooglecom/p/google-security-research/issues/detail?id=504 The latest version of the Vector<primitive> length check in Flash 18,0,0,232 is not robust against memory corruptions such as heap overflows While it’s no longer possible to obviously bypass the length check there’s still unguarded data in the object which ...

Github Repositories

CVE-Study CVE id CVSS Type CVE-2017-12762 100 BOF CVE-2017-0561 100 - CVE-2017-11176 100 UAF CVE-2017-8890 100 CVE-2017-7895 100 CVE-2017-3106 93 CVE-2017-3064 93 CVE-2017-0430 93 CVE-2017-0429 93 CVE-2017-0428 93 CVE-2017-0427 93 CVE-2017-0528 93 CVE-2017-0510 93 CVE-2017-0508 93 CVE-2017-0507 93 CVE-2017-0455 93