CVE-2015-0317
flash-plugin: multiple code execution flaws (APSB15-04)
Severity Score
Exploit Likelihood
Affected Versions
31Public Exploits
0Exploited in Wild
-Decision
Descriptions
Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0319.
Adobe Flash Player anterior a 13.0.0.269 y 14.x hasta 16.x anterior a 16.0.0.305 en Windows y OS X y anterior a 11.2.202.442 en Linux permite a atacantes ejecutar código arbitrario mediante el aprovechamiento de una 'confusión de tipos' manipulada, una vulnerabilidad diferente a CVE-2015-0319.
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-04 listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-12-01 CVE Reserved
- 2015-02-06 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (16)
| URL | Date | SRC |
|---|