CVE-2015-0310

moderate-risk
Published 2015-01-23

Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015.

Do I need to act?

!
10.1% chance of exploitation in next 30 days
EPSS score — higher than 90% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

Adobe

References (18)

Patch http://helpx.adobe.com/security/products/flash-player/apsb15-02.html
Broken Link http://secunia.com/advisories/62452
Broken Link http://secunia.com/advisories/62601
Broken Link http://secunia.com/advisories/62660
Broken Link http://secunia.com/advisories/62740
Third Party Advisory http://security.gentoo.org/glsa/glsa-201502-02.xml
Broken Link http://www.securityfocus.com/bid/72261
Broken Link http://www.securitytracker.com/id/1031609
Patch http://helpx.adobe.com/security/products/flash-player/apsb15-02.html
Broken Link http://secunia.com/advisories/62452
Broken Link http://secunia.com/advisories/62601
Broken Link http://secunia.com/advisories/62660
Broken Link http://secunia.com/advisories/62740
Third Party Advisory http://security.gentoo.org/glsa/glsa-201502-02.xml
Broken Link http://www.securityfocus.com/bid/72261
Broken Link http://www.securitytracker.com/id/1031609
Issue Tracking https://github.com/cisagov/vulnrichment/issues/196
US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-...
47
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 18/34 · Moderate
Exposure 5/34 · Minimal