// For flags

CVE-2015-8420

Adobe Flash TextField.sharpness Setter - Use-After-Free

Severity Score

10.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Vulnerabilidad de uso después de liberación de memoria en Adobe Flash Player en versiones anteriores a 18.0.0.268 y 19.x y 20.x en versiones anteriores a 20.0.0.228 en Windows y OS X y en versiones anteriores a 11.2.202.554 en Linux, Adobe AIR en versiones anteriores a 20.0.0.204, Adobe AIR SDK en versiones anteriores a 20.0.0.204 y Adobe AIR SDK & Compiler en versiones anteriores a 20.0.0.204 permite a atacantes ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431 , CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452 y CVE-2015-8454.

There is a use-after-free in the TextField sharpness setter. If the sharpness parameter is an object with valueOf set to a function which frees the TextField parent, it is used after it is freed.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-12-02 CVE Reserved
  • 2015-12-10 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • 2024-08-16 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
<= 18.0.0.261
Search vendor "Adobe" for product "Flash Player" and version " <= 18.0.0.261"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
*-
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
<= 18.0.0.261
Search vendor "Adobe" for product "Flash Player" and version " <= 18.0.0.261"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
19.0.0.185
Search vendor "Adobe" for product "Flash Player" and version "19.0.0.185"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
*-
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
19.0.0.185
Search vendor "Adobe" for product "Flash Player" and version "19.0.0.185"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
19.0.0.207
Search vendor "Adobe" for product "Flash Player" and version "19.0.0.207"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
*-
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
19.0.0.207
Search vendor "Adobe" for product "Flash Player" and version "19.0.0.207"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
19.0.0.226
Search vendor "Adobe" for product "Flash Player" and version "19.0.0.226"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
*-
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
19.0.0.226
Search vendor "Adobe" for product "Flash Player" and version "19.0.0.226"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
19.0.0.245
Search vendor "Adobe" for product "Flash Player" and version "19.0.0.245"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
*-
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
19.0.0.245
Search vendor "Adobe" for product "Flash Player" and version "19.0.0.245"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Adobe
Search vendor "Adobe"
Flash Player
Search vendor "Adobe" for product "Flash Player"
<= 11.2.202.548
Search vendor "Adobe" for product "Flash Player" and version " <= 11.2.202.548"
-
Affected
in Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
*-
Safe
Adobe
Search vendor "Adobe"
Air
Search vendor "Adobe" for product "Air"
<= 19.0.0.241
Search vendor "Adobe" for product "Air" and version " <= 19.0.0.241"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
*-
Safe
Adobe
Search vendor "Adobe"
Air
Search vendor "Adobe" for product "Air"
<= 19.0.0.241
Search vendor "Adobe" for product "Air" and version " <= 19.0.0.241"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Adobe
Search vendor "Adobe"
Air Sdk
Search vendor "Adobe" for product "Air Sdk"
<= 19.0.0.241
Search vendor "Adobe" for product "Air Sdk" and version " <= 19.0.0.241"
-
Affected
in Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
*-
Safe
Adobe
Search vendor "Adobe"
Air Sdk
Search vendor "Adobe" for product "Air Sdk"
<= 19.0.0.241
Search vendor "Adobe" for product "Air Sdk" and version " <= 19.0.0.241"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
*-
Safe
Adobe
Search vendor "Adobe"
Air Sdk
Search vendor "Adobe" for product "Air Sdk"
<= 19.0.0.241
Search vendor "Adobe" for product "Air Sdk" and version " <= 19.0.0.241"
-
Affected
in Google
Search vendor "Google"
Android
Search vendor "Google" for product "Android"
*-
Safe
Adobe
Search vendor "Adobe"
Air Sdk
Search vendor "Adobe" for product "Air Sdk"
<= 19.0.0.241
Search vendor "Adobe" for product "Air Sdk" and version " <= 19.0.0.241"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Adobe
Search vendor "Adobe"
Air Sdk \& Compiler
Search vendor "Adobe" for product "Air Sdk \& Compiler"
<= 19.0.0.241
Search vendor "Adobe" for product "Air Sdk \& Compiler" and version " <= 19.0.0.241"
-
Affected
in Apple
Search vendor "Apple"
Iphone Os
Search vendor "Apple" for product "Iphone Os"
*-
Safe
Adobe
Search vendor "Adobe"
Air Sdk \& Compiler
Search vendor "Adobe" for product "Air Sdk \& Compiler"
<= 19.0.0.241
Search vendor "Adobe" for product "Air Sdk \& Compiler" and version " <= 19.0.0.241"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
*-
Safe
Adobe
Search vendor "Adobe"
Air Sdk \& Compiler
Search vendor "Adobe" for product "Air Sdk \& Compiler"
<= 19.0.0.241
Search vendor "Adobe" for product "Air Sdk \& Compiler" and version " <= 19.0.0.241"
-
Affected
in Google
Search vendor "Google"
Android
Search vendor "Google" for product "Android"
*-
Safe
Adobe
Search vendor "Adobe"
Air Sdk \& Compiler
Search vendor "Adobe" for product "Air Sdk \& Compiler"
<= 19.0.0.241
Search vendor "Adobe" for product "Air Sdk \& Compiler" and version " <= 19.0.0.241"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe