// For flags

CVE-2015-0314

Adobe Flash Player BitmapFilter Invalid Object Corruption Remote Code Execution Vulnerability

Severity Score

10.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, and CVE-2015-0330.

Adobe Flash Player anterior a 13.0.0.269 y 14.x hasta 16.x anterior a 16.0.0.305 en Windows y OS X y anterior a 11.2.202.442 en Linux permite a atacantes ejecutar código arbitrario o causar una denegación de servicio (corrupción de memoria) a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, y CVE-2015-0330.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the BitmapFilter class. The class is not marked as final, so it can be extended. When extending the class and adding it to a filters array, Adobe Flash tries to execute a non-existent method at a specific offset. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current process.

*Credits: bilou
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-12-01 CVE Reserved
  • 2015-02-06 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-11-02 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
<= 11.2.202.440
Search vendor "Adobe" for product "Flash Player" and version " <= 11.2.202.440"
-
Affected
in Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
<= 13.0.0.264
Search vendor "Adobe" for product "Flash Player" and version " <= 13.0.0.264"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
<= 13.0.0.264
Search vendor "Adobe" for product "Flash Player" and version " <= 13.0.0.264"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
14.0.0.125
Search vendor "Adobe" for product "Flash Player" and version "14.0.0.125"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
14.0.0.125
Search vendor "Adobe" for product "Flash Player" and version "14.0.0.125"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
14.0.0.145
Search vendor "Adobe" for product "Flash Player" and version "14.0.0.145"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
14.0.0.145
Search vendor "Adobe" for product "Flash Player" and version "14.0.0.145"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
14.0.0.176
Search vendor "Adobe" for product "Flash Player" and version "14.0.0.176"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
14.0.0.176
Search vendor "Adobe" for product "Flash Player" and version "14.0.0.176"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
14.0.0.179
Search vendor "Adobe" for product "Flash Player" and version "14.0.0.179"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
14.0.0.179
Search vendor "Adobe" for product "Flash Player" and version "14.0.0.179"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.152
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.152"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.152
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.152"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.167
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.167"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.167
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.167"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.189
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.189"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.189
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.189"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.223
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.223"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.223
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.223"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.239
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.239"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.239
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.239"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.246
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.246"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.246
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.246"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
16.0.0.235
Search vendor "Adobe" for product "Flash Player" and version "16.0.0.235"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
16.0.0.235
Search vendor "Adobe" for product "Flash Player" and version "16.0.0.235"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
16.0.0.257
Search vendor "Adobe" for product "Flash Player" and version "16.0.0.257"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
16.0.0.257
Search vendor "Adobe" for product "Flash Player" and version "16.0.0.257"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
16.0.0.287
Search vendor "Adobe" for product "Flash Player" and version "16.0.0.287"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
16.0.0.287
Search vendor "Adobe" for product "Flash Player" and version "16.0.0.287"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
16.0.0.296
Search vendor "Adobe" for product "Flash Player" and version "16.0.0.296"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
16.0.0.296
Search vendor "Adobe" for product "Flash Player" and version "16.0.0.296"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe