CVE-2015-3085

Adobe Flash Player BrokerCreateFile Broker Method Path Traversal Sandbox Escape Vulnerability

Severity Score

6.4

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3082 and CVE-2015-3083.

Adobe Flash Player anterior a 13.0.0.289 y 14.x hasta 17.x anterior a 17.0.0.188 en Windows y OS X y anterior a 11.2.202.460 en Linux, Adobe AIR anterior a 17.0.0.172, Adobe AIR SDK anterior a 17.0.0.172, y Adobe AIR SDK & Compiler anterior a 17.0.0.172 permiten a atacantes remotos evadir las restricciones sobre las operaciones de escritura en sistemas de ficheros a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-3082 y CVE-2015-3083.

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the BrokerCreateFile method. An attacker can force BrokerCreateFile to traverse the path of the output file, allowing the file to be written anywhere on disk. An attacker can leverage this vulnerability to execute code at medium integrity.

*Credits: Nicolas Joly

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

Partial

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-04-09 CVE Reserved
2015-05-12 CVE Published
2023-03-07 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (11)

URL	Tag	Source
http://www.securityfocus.com/bid/74610	Vdb Entry
http://www.securitytracker.com/id/1032285	Vdb Entry
http://www.zerodayinitiative.com/advisories/ZDI-15-216	X_refsource_misc

URL	Date	SRC

URL	Date	SRC
https://helpx.adobe.com/security/products/flash-player/apsb15-09.html	2017-01-03

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00007.html	2017-01-03
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00010.html	2017-01-03
http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00016.html	2017-01-03
http://rhn.redhat.com/errata/RHSA-2015-1005.html	2017-01-03
https://security.gentoo.org/glsa/201505-02	2017-01-03
https://access.redhat.com/security/cve/CVE-2015-3085	2015-05-13
https://bugzilla.redhat.com/show_bug.cgi?id=1221037	2015-05-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	<= 13.0.0.264 Search vendor "Adobe" for product "Flash Player" and version " <= 13.0.0.264"	-	Affected	in	Apple Search vendor "Apple"	Mac Os X Search vendor "Apple" for product "Mac Os X"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	<= 13.0.0.264 Search vendor "Adobe" for product "Flash Player" and version " <= 13.0.0.264"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	14.0.0.125 Search vendor "Adobe" for product "Flash Player" and version "14.0.0.125"	-	Affected	in	Apple Search vendor "Apple"	Mac Os X Search vendor "Apple" for product "Mac Os X"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	14.0.0.125 Search vendor "Adobe" for product "Flash Player" and version "14.0.0.125"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	14.0.0.145 Search vendor "Adobe" for product "Flash Player" and version "14.0.0.145"	-	Affected	in	Apple Search vendor "Apple"	Mac Os X Search vendor "Apple" for product "Mac Os X"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	14.0.0.145 Search vendor "Adobe" for product "Flash Player" and version "14.0.0.145"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	14.0.0.176 Search vendor "Adobe" for product "Flash Player" and version "14.0.0.176"	-	Affected	in	Apple Search vendor "Apple"	Mac Os X Search vendor "Apple" for product "Mac Os X"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	14.0.0.176 Search vendor "Adobe" for product "Flash Player" and version "14.0.0.176"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	14.0.0.179 Search vendor "Adobe" for product "Flash Player" and version "14.0.0.179"	-	Affected	in	Apple Search vendor "Apple"	Mac Os X Search vendor "Apple" for product "Mac Os X"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	14.0.0.179 Search vendor "Adobe" for product "Flash Player" and version "14.0.0.179"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	15.0.0.152 Search vendor "Adobe" for product "Flash Player" and version "15.0.0.152"	-	Affected	in	Apple Search vendor "Apple"	Mac Os X Search vendor "Apple" for product "Mac Os X"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	15.0.0.152 Search vendor "Adobe" for product "Flash Player" and version "15.0.0.152"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	15.0.0.167 Search vendor "Adobe" for product "Flash Player" and version "15.0.0.167"	-	Affected	in	Apple Search vendor "Apple"	Mac Os X Search vendor "Apple" for product "Mac Os X"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	15.0.0.167 Search vendor "Adobe" for product "Flash Player" and version "15.0.0.167"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	15.0.0.189 Search vendor "Adobe" for product "Flash Player" and version "15.0.0.189"	-	Affected	in	Apple Search vendor "Apple"	Mac Os X Search vendor "Apple" for product "Mac Os X"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	15.0.0.189 Search vendor "Adobe" for product "Flash Player" and version "15.0.0.189"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	15.0.0.223 Search vendor "Adobe" for product "Flash Player" and version "15.0.0.223"	-	Affected	in	Apple Search vendor "Apple"	Mac Os X Search vendor "Apple" for product "Mac Os X"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	15.0.0.223 Search vendor "Adobe" for product "Flash Player" and version "15.0.0.223"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	15.0.0.239 Search vendor "Adobe" for product "Flash Player" and version "15.0.0.239"	-	Affected	in	Apple Search vendor "Apple"	Mac Os X Search vendor "Apple" for product "Mac Os X"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	15.0.0.239 Search vendor "Adobe" for product "Flash Player" and version "15.0.0.239"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	15.0.0.246 Search vendor "Adobe" for product "Flash Player" and version "15.0.0.246"	-	Affected	in	Apple Search vendor "Apple"	Mac Os X Search vendor "Apple" for product "Mac Os X"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	15.0.0.246 Search vendor "Adobe" for product "Flash Player" and version "15.0.0.246"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	16.0.0.235 Search vendor "Adobe" for product "Flash Player" and version "16.0.0.235"	-	Affected	in	Apple Search vendor "Apple"	Mac Os X Search vendor "Apple" for product "Mac Os X"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	16.0.0.235 Search vendor "Adobe" for product "Flash Player" and version "16.0.0.235"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	16.0.0.257 Search vendor "Adobe" for product "Flash Player" and version "16.0.0.257"	-	Affected	in	Apple Search vendor "Apple"	Mac Os X Search vendor "Apple" for product "Mac Os X"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	16.0.0.257 Search vendor "Adobe" for product "Flash Player" and version "16.0.0.257"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	16.0.0.287 Search vendor "Adobe" for product "Flash Player" and version "16.0.0.287"	-	Affected	in	Apple Search vendor "Apple"	Mac Os X Search vendor "Apple" for product "Mac Os X"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	16.0.0.287 Search vendor "Adobe" for product "Flash Player" and version "16.0.0.287"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	16.0.0.296 Search vendor "Adobe" for product "Flash Player" and version "16.0.0.296"	-	Affected	in	Apple Search vendor "Apple"	Mac Os X Search vendor "Apple" for product "Mac Os X"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	16.0.0.296 Search vendor "Adobe" for product "Flash Player" and version "16.0.0.296"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	17.0.0.134 Search vendor "Adobe" for product "Flash Player" and version "17.0.0.134"	-	Affected	in	Apple Search vendor "Apple"	Mac Os X Search vendor "Apple" for product "Mac Os X"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	17.0.0.134 Search vendor "Adobe" for product "Flash Player" and version "17.0.0.134"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	17.0.0.169 Search vendor "Adobe" for product "Flash Player" and version "17.0.0.169"	-	Affected	in	Apple Search vendor "Apple"	Mac Os X Search vendor "Apple" for product "Mac Os X"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	17.0.0.169 Search vendor "Adobe" for product "Flash Player" and version "17.0.0.169"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Adobe Search vendor "Adobe"	Flash Player Search vendor "Adobe" for product "Flash Player"	<= 11.2.202.475 Search vendor "Adobe" for product "Flash Player" and version " <= 11.2.202.475"	-	Affected	in	Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	-	-	Safe
Adobe Search vendor "Adobe"		Air Search vendor "Adobe" for product "Air"				<= 17.0.0.144 Search vendor "Adobe" for product "Air" and version " <= 17.0.0.144"		-		Affected
Adobe Search vendor "Adobe"		Air Sdk Search vendor "Adobe" for product "Air Sdk"				<= 17.0.0.144 Search vendor "Adobe" for product "Air Sdk" and version " <= 17.0.0.144"		-		Affected
Adobe Search vendor "Adobe"		Air Sdk \& Compiler Search vendor "Adobe" for product "Air Sdk \& Compiler"				<= 17.0.0.144 Search vendor "Adobe" for product "Air Sdk \& Compiler" and version " <= 17.0.0.144"		-		Affected