CVE-2015-0310

Confirmed PUBLISHED

Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly...

Adobe · Flash Player
Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
7.8 High

At a Glance

Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015.

windows linux cisa
CVE Published
Jan 23, 2015
Exploitation Reported
May 25, 2022
CVSS
7.8 High
EPSS
Low complexity Unauthenticated

Affected Versions

Vendor Product Version Status
n/a
n/a

n/a

Affected

CVE References

  • GLSA-201502-02 security.gentoo.org · Vendor Advisory http://security.gentoo.org/glsa/glsa-201502-02.xml
  • 62660 secunia.com · Third-Party Advisory http://secunia.com/advisories/62660
  • 62740 secunia.com · Third-Party Advisory http://secunia.com/advisories/62740
  • 62452 secunia.com · Third-Party Advisory http://secunia.com/advisories/62452
  • 62601 secunia.com · Third-Party Advisory http://secunia.com/advisories/62601
Show 3 more references

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.