CVE-2015-3108
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
10/06/2015
Last modified:
12/04/2025
Description
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X do not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* | 11.2.202.460 (including) | |
| cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:* | 17.0.0.144 (including) | |
| cpe:2.3:o:google:android:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:* | 17.0.0.172 (including) | |
| cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:* | 17.0.0.172 (including) | |
| cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:* | 17.0.0.172 (including) | |
| cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* | 13.0.0.289 (including) | |
| cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00011.html
- http://rhn.redhat.com/errata/RHSA-2015-1086.html
- http://www.securityfocus.com/bid/75084
- http://www.securitytracker.com/id/1032519
- https://helpx.adobe.com/security/products/flash-player/apsb15-11.html
- https://security.gentoo.org/glsa/201506-01
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00011.html
- http://rhn.redhat.com/errata/RHSA-2015-1086.html
- http://www.securityfocus.com/bid/75084
- http://www.securitytracker.com/id/1032519
- https://helpx.adobe.com/security/products/flash-player/apsb15-11.html
- https://security.gentoo.org/glsa/201506-01