CVE-2015-8651

Published: 28/12/2015 Updated: 17/02/2017
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 829
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Integer overflow in Adobe Flash Player prior to 18.0.0.324 and 19.x and 20.x prior to 20.0.0.267 on Windows and OS X and prior to 11.2.202.559 on Linux, Adobe AIR prior to 20.0.0.233, Adobe AIR SDK prior to 20.0.0.233, and Adobe AIR SDK & Compiler prior to 20.0.0.233 allows malicious users to execute arbitrary code via unspecified vectors.

Vulnerable Product

adobe air_sdk

adobe air_sdk_&_compiler

adobe flash_player

adobe air

adobe flash_player 19.0.0.226

adobe flash_player 19.0.0.207

adobe flash_player 20.0.0.235

adobe flash_player 20.0.0.228

adobe flash_player 19.0.0.245

adobe flash_player 19.0.0.185

Vendor Advisories

Synopsis: Critical: flash-plugin security update. Type/Severity: Security Advisory: Critical. Topic: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical secur ...

Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors ...

Recent Articles

Masterful malvertisers pwn Channel 9, Sky, MSN in stealth attacks
The Register • Darren Pauli • 08 Dec 2016

Same group compromised a million users A DAY.

A two-year long, highly sophisticated malvertising campaign infected visitors to some of the most popular news sites in the UK, Australia, and Canada including Channel 9, Sky News, and MSN. Readers of those news sites, just a portion of all affected (since it also affected eBay's UK portal), were infected with modular trojans capable of harvesting account and email credentials, stealing keystrokes, capturing web cam footage, and opening backdoors. The news sites are not at direct fault as they d...

Game of P0wns: Malvertising menace strikes Pirate Bay season six downloads
The Register • Darren Pauli • 27 Apr 2016

There is no honour among content thieves

Scores of Game of Thrones pirates may have had computers encrypted by ransomware after malvertisers served the dangerous malware through the Pirate Bay during the mega-series' season six première last weekend. MalwareBytes researcher Jerome Segura says the hard-working Magnitude exploit kit authors were able to target pirates after they bought advertising space on the infamous Bittorrent website targeting users with pop-under ads. Magnitude is a hugely successful crimeware offering that allows ...

Angler exploit kit now hooking execs with Xmas Flash hole
The Register • Darren Pauli • 28 Jan 2016

Rivals stuck with old Adobe exploits

The Angler exploit kit is again sailing the cyber seas and pillaging with impunity, adding one of the more recent machine-hijacking Flash holes to its arsenal. The integration of Adobe Flash vulnerability (CVE-2015-8651) patched last month solidifies Angler's position as the most popular and effective exploit kit on underground criminal markets. Chinese security researcher known as ThreatBook reports the exploit kit is being used in phishing attacks under the so-called DarkHotel campaign. Those ...

Patch now! Flash-exploitin' PC-hijackin' attack spotted in the wild by Huawei bods
The Register • Chris Williams, Editor in Chief • 28 Dec 2015

Adobe squeezes out one last batch of security fixes for 2015

Adobe has issued new versions of Flash to patch a load of security flaws – one of which is being exploited in the wild. Curiously, that particular vulnerability (CVE-2015-8651) was reported to the Photoshop giant by Kai Wang and Hunter Gao of Huawei's IT security department. Could the Chinese tech goliath have caught miscreants trying to exploit the bug to infect its systems? Adobe said the flaw is being used "in limited, targeted attacks." People should upgrade their installation of Flash –...