CVE-2015-8651

critical-risk

Published 2015-12-28

Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors.

Do I need to act?

89.0% chance of exploitation in next 30 days

EPSS score — higher than 11% of all CVEs

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (20)

Air Sdk \& Compiler

Flash Player

Air

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Workstation

Evergreen

Opensuse

Linux Enterprise Desktop

Insight Control

Matrix Operating Environment

Systems Insight Manager

Version Control Repository Manager

Air Sdk

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Workstation

Opensuse

Linux Enterprise Desktop

Affected Vendors

Adobe Suse Opensuse Hp Redhat

References (25)

Mailing List http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00045.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00046.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00047.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00048.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2015-2697.html

Broken Link http://www.securityfocus.com/bid/79705

Broken Link http://www.securitytracker.com/id/1034544

Third Party Advisory https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c...

Not Applicable https://helpx.adobe.com/security/products/flash-player/apsb16-01.html

Third Party Advisory https://security.gentoo.org/glsa/201601-03

Mailing List http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00045.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00046.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00047.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00048.html

Third Party Advisory http://rhn.redhat.com/errata/RHSA-2015-2697.html

Broken Link http://www.securityfocus.com/bid/79705

Broken Link http://www.securitytracker.com/id/1034544

Third Party Advisory https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c...

and 5 more references

/ 100

critical-risk

Severity 30/34 · Critical

Exploitability 27/34 · High

Exposure 21/34 · High