// For flags

CVE-2015-3040

flash-plugin: information leaks leading to ASLR bypass (APSB15-06)

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-0357.

Adobe Flash Player anterior a 13.0.0.281 y 14.x hasta 17.x anterior a 17.0.0.169 en Windows y OS X y anterior a 11.2.202.457 en Linux no restringe correctamente el descubrimiento de direcciones de la memoria, lo que permite a atacantes evadir el mecanismo de protección ASLR en Windows a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-0357.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-04-09 CVE Reserved
  • 2015-04-14 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
<= 11.2.202.451
Search vendor "Adobe" for product "Flash Player" and version " <= 11.2.202.451"
-
Affected
in Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
<= 13.0.0.264
Search vendor "Adobe" for product "Flash Player" and version " <= 13.0.0.264"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
<= 13.0.0.264
Search vendor "Adobe" for product "Flash Player" and version " <= 13.0.0.264"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
14.0.0.125
Search vendor "Adobe" for product "Flash Player" and version "14.0.0.125"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
14.0.0.125
Search vendor "Adobe" for product "Flash Player" and version "14.0.0.125"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
14.0.0.145
Search vendor "Adobe" for product "Flash Player" and version "14.0.0.145"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
14.0.0.145
Search vendor "Adobe" for product "Flash Player" and version "14.0.0.145"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
14.0.0.176
Search vendor "Adobe" for product "Flash Player" and version "14.0.0.176"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
14.0.0.176
Search vendor "Adobe" for product "Flash Player" and version "14.0.0.176"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
14.0.0.179
Search vendor "Adobe" for product "Flash Player" and version "14.0.0.179"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
14.0.0.179
Search vendor "Adobe" for product "Flash Player" and version "14.0.0.179"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.152
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.152"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.152
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.152"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.167
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.167"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.167
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.167"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.189
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.189"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.189
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.189"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.223
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.223"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.223
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.223"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.239
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.239"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.239
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.239"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.246
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.246"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
15.0.0.246
Search vendor "Adobe" for product "Flash Player" and version "15.0.0.246"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
16.0.0.235
Search vendor "Adobe" for product "Flash Player" and version "16.0.0.235"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
16.0.0.235
Search vendor "Adobe" for product "Flash Player" and version "16.0.0.235"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
16.0.0.257
Search vendor "Adobe" for product "Flash Player" and version "16.0.0.257"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
16.0.0.257
Search vendor "Adobe" for product "Flash Player" and version "16.0.0.257"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
16.0.0.287
Search vendor "Adobe" for product "Flash Player" and version "16.0.0.287"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
16.0.0.287
Search vendor "Adobe" for product "Flash Player" and version "16.0.0.287"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
16.0.0.296
Search vendor "Adobe" for product "Flash Player" and version "16.0.0.296"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
16.0.0.296
Search vendor "Adobe" for product "Flash Player" and version "16.0.0.296"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
17.0.0.134
Search vendor "Adobe" for product "Flash Player" and version "17.0.0.134"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
17.0.0.134
Search vendor "Adobe" for product "Flash Player" and version "17.0.0.134"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Redhat
Search vendor "Redhat"
Enterprise Linux Desktop Supplementary
Search vendor "Redhat" for product "Enterprise Linux Desktop Supplementary"
5.0
Search vendor "Redhat" for product "Enterprise Linux Desktop Supplementary" and version "5.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Desktop Supplementary
Search vendor "Redhat" for product "Enterprise Linux Desktop Supplementary"
6.0
Search vendor "Redhat" for product "Enterprise Linux Desktop Supplementary" and version "6.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Supplementary
Search vendor "Redhat" for product "Enterprise Linux Server Supplementary"
5.0
Search vendor "Redhat" for product "Enterprise Linux Server Supplementary" and version "5.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Supplementary
Search vendor "Redhat" for product "Enterprise Linux Server Supplementary"
6.0
Search vendor "Redhat" for product "Enterprise Linux Server Supplementary" and version "6.0"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Server Supplementary Eus
Search vendor "Redhat" for product "Enterprise Linux Server Supplementary Eus"
6.6.z
Search vendor "Redhat" for product "Enterprise Linux Server Supplementary Eus" and version "6.6.z"
-
Affected
Redhat
Search vendor "Redhat"
Enterprise Linux Workstation Supplementary
Search vendor "Redhat" for product "Enterprise Linux Workstation Supplementary"
6.0
Search vendor "Redhat" for product "Enterprise Linux Workstation Supplementary" and version "6.0"
-
Affected
Opensuse
Search vendor "Opensuse"
Opensuse
Search vendor "Opensuse" for product "Opensuse"
13.1
Search vendor "Opensuse" for product "Opensuse" and version "13.1"
-
Affected
Opensuse
Search vendor "Opensuse"
Opensuse
Search vendor "Opensuse" for product "Opensuse"
13.2
Search vendor "Opensuse" for product "Opensuse" and version "13.2"
-
Affected
Suse
Search vendor "Suse"
Suse Linux Enterprise Desktop
Search vendor "Suse" for product "Suse Linux Enterprise Desktop"
11.0
Search vendor "Suse" for product "Suse Linux Enterprise Desktop" and version "11.0"
sp3
Affected
Suse
Search vendor "Suse"
Suse Linux Enterprise Desktop
Search vendor "Suse" for product "Suse Linux Enterprise Desktop"
12.0
Search vendor "Suse" for product "Suse Linux Enterprise Desktop" and version "12.0"
-
Affected
Suse
Search vendor "Suse"
Suse Linux Workstation Extension
Search vendor "Suse" for product "Suse Linux Workstation Extension"
12.0
Search vendor "Suse" for product "Suse Linux Workstation Extension" and version "12.0"
-
Affected