CVE-2015-3043

critical-risk

Published 2015-04-14

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042.

Do I need to act?

87.4% chance of exploitation in next 30 days

EPSS score — higher than 13% of all CVEs

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

1 public exploit available

37536

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (17)

Flash Player

Suse Linux Enterprise Desktop

Suse Linux Enterprise Workstation Extension

Evergreen

Opensuse

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server From Rhui

Enterprise Linux Workstation

Suse Linux Enterprise Desktop

Opensuse

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Workstation

Affected Vendors

Novell Adobe Opensuse Redhat

References (22)

Mailing List http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2015-0813.html

Broken Link http://www.securityfocus.com/bid/74062

Broken Link http://www.securitytracker.com/id/1032105

Broken Link https://helpx.adobe.com/security/products/flash-player/apsb15-06.html

Third Party Advisory https://security.gentoo.org/glsa/201504-07

Exploit https://www.exploit-db.com/exploits/37536/

Mailing List http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2015-0813.html

Broken Link http://www.securityfocus.com/bid/74062

Broken Link http://www.securitytracker.com/id/1032105

Broken Link https://helpx.adobe.com/security/products/flash-player/apsb15-06.html

Third Party Advisory https://security.gentoo.org/glsa/201504-07

Exploit https://www.exploit-db.com/exploits/37536/

and 2 more references

/ 100

critical-risk

Severity 32/34 · Critical

Exploitability 34/34 · Critical

Exposure 19/34 · Moderate