// For flags

CVE-2015-0349

Adobe Flash Player AS3 ConvolutionFilter Use-After-Free Remote Code Execution Vulnerability

Severity Score

10.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0351, CVE-2015-0358, and CVE-2015-3039.

Vulnerabilidad de uso después de liberación en Adobe Flash Player anterior a 13.0.0.281 y 14.x hasta 17.x anterior a 17.0.0.169 en Windows y OS X y anterior a 11.2.202.457 en Linux permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-0351, CVE-2015-0358, y CVE-2015-3039.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the processing of AS3 ConvolutionFilter objects. By manipulating the matrix property of a ConvolutionFilter object, an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.

*Credits: Nicolas Joly
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-12-01 CVE Reserved
  • 2015-04-14 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-10-08 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
<= 13.0.0.264
Search vendor "Adobe" for product "Flash Player" and version " <= 13.0.0.264"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
<= 13.0.0.264
Search vendor "Adobe" for product "Flash Player" and version " <= 13.0.0.264"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
14.0.0.125
Search vendor "Adobe" for product "Flash Player" and version "14.0.0.125"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
14.0.0.125
Search vendor "Adobe" for product "Flash Player" and version "14.0.0.125"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
14.0.0.145
Search vendor "Adobe" for product "Flash Player" and version "14.0.0.145"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
14.0.0.145
Search vendor "Adobe" for product "Flash Player" and version "14.0.0.145"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
14.0.0.176
Search vendor "Adobe" for product "Flash Player" and version "14.0.0.176"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
14.0.0.176
Search vendor "Adobe" for product "Flash Player" and version "14.0.0.176"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
14.0.0.179
Search vendor "Adobe" for product "Flash Player" and version "14.0.0.179"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
14.0.0.179
Search vendor "Adobe" for product "Flash Player" and version "14.0.0.179"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.152
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.152"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.152
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.152"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.167
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.167"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.167
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.167"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.189
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.189"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.189
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.189"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.223
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.223"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.223
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.223"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.239
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.239"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.239
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.239"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.246
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.246"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.246
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.246"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
16.0.0.235
Search vendor "Adobe" for product "Flash Player" and version "16.0.0.235"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
16.0.0.235
Search vendor "Adobe" for product "Flash Player" and version "16.0.0.235"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
16.0.0.257
Search vendor "Adobe" for product "Flash Player" and version "16.0.0.257"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
16.0.0.257
Search vendor "Adobe" for product "Flash Player" and version "16.0.0.257"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
16.0.0.287
Search vendor "Adobe" for product "Flash Player" and version "16.0.0.287"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
16.0.0.287
Search vendor "Adobe" for product "Flash Player" and version "16.0.0.287"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
16.0.0.296
Search vendor "Adobe" for product "Flash Player" and version "16.0.0.296"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
16.0.0.296
Search vendor "Adobe" for product "Flash Player" and version "16.0.0.296"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
17.0.0.134
Search vendor "Adobe" for product "Flash Player" and version "17.0.0.134"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
17.0.0.134
Search vendor "Adobe" for product "Flash Player" and version "17.0.0.134"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
<= 11.2.202.451
Search vendor "Adobe" for product "Flash Player" and version " <= 11.2.202.451"
-
Affected
in Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Redhat
Search vendor "Redhat"
Enterprise Linux Desktop Supplementary
Search vendor "Redhat" for product "Enterprise Linux Desktop Supplementary"
5.0
Search vendor "Redhat" for product "Enterprise Linux Desktop Supplementary" and version "5.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Desktop Supplementary
Search vendor "Redhat" for product "Enterprise Linux Desktop Supplementary"
6.0
Search vendor "Redhat" for product "Enterprise Linux Desktop Supplementary" and version "6.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Supplementary
Search vendor "Redhat" for product "Enterprise Linux Server Supplementary"
5.0
Search vendor "Redhat" for product "Enterprise Linux Server Supplementary" and version "5.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Supplementary
Search vendor "Redhat" for product "Enterprise Linux Server Supplementary"
6.0
Search vendor "Redhat" for product "Enterprise Linux Server Supplementary" and version "6.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Supplementary Eus
Search vendor "Redhat" for product "Enterprise Linux Server Supplementary Eus"
6.6.z
Search vendor "Redhat" for product "Enterprise Linux Server Supplementary Eus" and version "6.6.z"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Workstation Supplementary
Search vendor "Redhat" for product "Enterprise Linux Workstation Supplementary"
6.0
Search vendor "Redhat" for product "Enterprise Linux Workstation Supplementary" and version "6.0"
-
Affected
Opensuse
Search vendor "Opensuse"
Opensuse
Search vendor "Opensuse" for product "Opensuse"
13.1
Search vendor "Opensuse" for product "Opensuse" and version "13.1"
-
Affected
Opensuse
Search vendor "Opensuse"
Opensuse
Search vendor "Opensuse" for product "Opensuse"
13.2
Search vendor "Opensuse" for product "Opensuse" and version "13.2"
-
Affected
Suse
Search vendor "Suse"
Suse Linux Enterprise Desktop
Search vendor "Suse" for product "Suse Linux Enterprise Desktop"
11.0
Search vendor "Suse" for product "Suse Linux Enterprise Desktop" and version "11.0"
sp3
Affected
Suse
Search vendor "Suse"
Suse Linux Enterprise Desktop
Search vendor "Suse" for product "Suse Linux Enterprise Desktop"
12.0
Search vendor "Suse" for product "Suse Linux Enterprise Desktop" and version "12.0"
-
Affected
Suse
Search vendor "Suse"
Suse Linux Workstation Extension
Search vendor "Suse" for product "Suse Linux Workstation Extension"
12.0
Search vendor "Suse" for product "Suse Linux Workstation Extension" and version "12.0"
-
Affected