10
CVSSv2

CVE-2015-8429

Published: 10/12/2015 Updated: 10/09/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Use-after-free vulnerability in Adobe Flash Player prior to 18.0.0.268 and 19.x and 20.x prior to 20.0.0.228 on Windows and OS X and prior to 11.2.202.554 on Linux, Adobe AIR prior to 20.0.0.204, Adobe AIR SDK prior to 20.0.0.204, and Adobe AIR SDK & Compiler prior to 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454.

Affected Products

Vendor Product Versions
AdobeAir19.0.0.241
AdobeAir Sdk19.0.0.241
AdobeAir Sdk & Compiler19.0.0.241
AdobeFlash Player11.2.202.548, 18.0.0.261, 19.0.0.185, 19.0.0.207, 19.0.0.226, 19.0.0.245

Vendor Advisories

Use-after-free vulnerability in Adobe Flash Player before 1800268 and 19x and 20x before 2000228 on Windows and OS X and before 112202554 on Linux, Adobe AIR before 2000204, Adobe AIR SDK before 2000204, and Adobe AIR SDK & Compiler before 2000204 allows attackers to execute arbitrary code via unspecified vectors, a differen ...

Exploits

Source: codegooglecom/p/google-security-research/issues/detail?id=577 There is a use-after-free in the TextFieldtype setter If the type the field is set to is an object with toString defined, the toString function can free the field's parent object, which is then used A minimal PoC is as follows: var mc = thiscreateEmptyMovieClip("m ...

Github Repositories

CVE-Study CVE id CVSS Type CVE-2017-12762 100 BOF CVE-2017-0561 100 - CVE-2017-11176 100 UAF CVE-2017-8890 100 CVE-2017-7895 100 CVE-2017-3106 93 CVE-2017-3064 93 CVE-2017-0430 93 CVE-2017-0429 93 CVE-2017-0428 93 CVE-2017-0427 93 CVE-2017-0528 93 CVE-2017-0510 93 CVE-2017-0508 93 CVE-2017-0507 93 CVE-2017-0455 93