CVE-2015-0311
100Vexday Risk Score
Patch now. It under exploitation confirmed by CISA and has a working public exploit.
ssvc Actcvss 7.8epss 86%
from disclosure to weapon48 days
Published on NVDJan 23
1st PoC+48d
metasploitApr 28
CISA KEV+2637d
exploitation probability
86%top 1% of all CVEs
observed exploitation
yesCISA + VulnCheck
3 public exploit(s)
Action required by CISAfederal deadline: 2022-05-04
The impacted product is end-of-life and should be disconnected if still in use.
In short
Adobe Flash Player had a security flaw that let attackers run malicious code on your computer just by visiting a compromised website. This was a serious problem because Flash was widely used in browsers.
Technical detail
An unspecified remote code execution vulnerability in Adobe Flash Player (versions 13.0.0.262 and earlier on Windows/OS X, 11.2.202.438 on Linux, and 14.x-16.0.0.287 across platforms) allowed unauthenticated remote attackers to execute arbitrary code through unknown attack vectors, with active exploitation documented in January 2015.
Summary generated and translated by AI from the official description.
Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 3
githubgithub.com/jr64/CVE-2015-0311★ 0exploitdbwww.exploit-db.com/exploits/36360unverifiedvulncheckvulncheck.com/xdb/48142db4596aunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://helpx.adobe.com/security/products/flash-player/apsa15-01.htmlhttp://helpx.adobe.com/security/products/flash-player/apsb15-03.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-01/msg00027.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-01/msg00031.htmlhttp://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.htmlhttp://secunia.com/advisories/62432http://secunia.com/advisories/62543http://secunia.com/advisories/62650http://secunia.com/advisories/62660http://secunia.com/advisories/62740http://security.gentoo.org/glsa/glsa-201502-02.xmlhttps://github.com/cisagov/vulnrichment/issues/196