10
HIGH

CVE-2015-5568

Published: 22/09/2015 Updated: 17/02/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

Vulnerability Summary

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to cause a denial of service (vector-length corruption) or possibly have unspecified other impact via unknown vectors.

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Access Complexity: LOW
Authentication: NONE
Access Vector: NETWORK
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Affected Products

Vendor | Product | Versions
Adobe | Air | 18.0.0.143, 18.0.0.199
Adobe | Air Sdk | 18.0.0.199
Adobe | Air Sdk & Compiler | 18.0.0.180
Adobe | Flash Player | 11.2.202.508, 13.0.0.289, 14.0.0.125, 14.0.0.145, 14.0.0.176, 14.0.0.179, 15.0.0.152, 15.0.0.167, 15.0.0.189, 15.0.0.223, 15.0.0.239, 15.0.0.246, 16.0.0.235, 16.0.0.257, 16.0.0.287, 16.0.0.296, 17.0.0.134, 17.0.0.169, 17.0.0.188, 17.0.0.190, 17.0.0.191, 18.0.0.160, 18.0.0.194, 18.0.0.203, 18.0.0.209, 18.0.0.232
Google | Android | *

Mitigation

Administrators are advised to apply the appropriate updates.

Users are advised not to open email messages from suspicious or unrecognized sources. If users cannot verify that links or attachments included in email messages are safe, they are advised not to open them.

Administrators are advised to monitor critical systems.

Exploitation

To exploit the vulnerability, the attacker may provide the user with a link to a malicious web page or a file containing crafted Flash content intended to submit malicious input to the affected software. The attacker may use misleading language or instructions to persuade the user to follow the link or open the file.

Although a successful exploit of this vulnerability could cause a DoS condition, it is possible that this vulnerability may have other impacts via unknown vectors.

IntelliShield has previously covered this vulnerability in a Security Activity Bulletin at the following link: Security Activity Bulletin 41129

Github Repositories

CVE-Study
CVE id | CVSS | Type
CVE-2017-12762 | 10.0 | BOF
CVE-2017-0561 | 10.0 | -
CVE-2017-11176 | 10.0 | UAF
CVE-2017-8890 | 10.0 |
CVE-2017-7895 | 10.0 |
CVE-2017-3106 | 9.3 |
CVE-2017-3064 | 9.3 |
CVE-2017-0430 | 9.3 |
CVE-2017-0429 | 9.3 |
CVE-2017-0428 | 9.3 |
CVE-2017-0427 | 9.3 |
CVE-2017-0528 | 9.3 |
CVE-2017-0510 | 9.3 |
CVE-2017-0508 | 9.3 |
CVE-2017-0507 | 9.3 |
CVE-2017-0455 | 9.3 |

References