CVE-2015-0311 - Vulnerability Details

Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is in the KEV database since April 13, 2022.

Exploitation active

Automatable yes

Technical Impact total

Vendors	Products
Adobe	Flash Player
Apple	Mac Os X
Linux	Linux Kernel
Microsoft	Edge Internet Explorer Windows Windows 10 1507 Windows 8 Windows 8.1 Windows Rt Windows Rt 8.1 Windows Server 2012
Redhat	Rhel Extras
Suse	Linux Enterprise Desktop Linux Enterprise Workstation Extension

Configuration 1 [-]

AND

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

OR	cpe:2.3:a:adobe:flash_player::::::::
	cpe:2.3:a:adobe:flash_player::::::::

OR	cpe:2.3:o:apple:mac_os_x:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3::::::
	cpe:2.3:o:suse:linux_enterprise_desktop:12:-::::::
	cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-::::::

Configuration 4 [-]

AND

cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_8:-:::::::*
	cpe:2.3:o:microsoft:windows_rt:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2012:-:::::::*

Configuration 5 [-]

AND

cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_10_1507:-:::::::*
	cpe:2.3:o:microsoft:windows_8.1:-:::::::*
	cpe:2.3:o:microsoft:windows_rt_8.1:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*

Configuration 6 [-]

AND

cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5 Supplementary
flash-plugin-0:11.2.202.440-1.el5	cpe:/a:redhat:rhel_extras:5	RHSA-2015:0094	2015-01-27T00:00:00Z
Supplementary for Red Hat Enterprise Linux 6
flash-plugin-0:11.2.202.440-1.el6	cpe:/a:redhat:rhel_extras:6	RHSA-2015:0094	2015-01-27T00:00:00Z

References

Link	Providers
http://helpx.adobe.com/security/products/flash-player/apsa15-01.html
http://helpx.adobe.com/security/products/flash-player/apsb15-03.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00031.html
http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html
http://secunia.com/advisories/62432
http://secunia.com/advisories/62543
http://secunia.com/advisories/62650
http://secunia.com/advisories/62660
http://secunia.com/advisories/62740
http://security.gentoo.org/glsa/glsa-201502-02.xml
http://www.securityfocus.com/bid/72283
http://www.securitytracker.com/id/1031597
https://helpx.adobe.com/security/products/flash-player/apsa15-01.html
https://helpx.adobe.com/security/products/flash-player/apsb15-03.html
https://nvd.nist.gov/vuln/detail/CVE-2015-0311
https://technet.microsoft.com/library/security/2755801
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cve.org/CVERecord?id=CVE-2015-0311

History

Tue, 04 Feb 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2022-04-13'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 14 Aug 2024 00:00:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2015-01-23T21:00:00.000Z

Updated: 2025-02-04T21:58:49.941Z

Reserved: 2014-12-01T00:00:00.000Z

Link: CVE-2015-0311

Vulnrichment

Updated: 2024-08-06T04:03:10.995Z

NVD

Status : Deferred

Published: 2015-01-23T21:59:04.897

Modified: 2025-04-12T10:46:40.837

Link: CVE-2015-0311

Redhat

Severity : Critical

Publid Date: 2015-01-26T00:00:00Z

Links: CVE-2015-0311 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-01-22T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-02-12T14:57:01.000Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe"}, "references": [{"name": "GLSA-201502-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201502-02.xml"}, {"name": "62660", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62660"}, {"name": "62740", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62740"}, {"name": "62432", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62432"}, {"name": "62650", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62650"}, {"name": "SUSE-SU-2015:0163", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00031.html"}, {"name": "72283", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/72283"}, {"name": "62543", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62543"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://technet.microsoft.com/library/security/2755801"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://helpx.adobe.com/security/products/flash-player/apsb15-03.html"}, {"name": "SUSE-SU-2015:0151", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00027.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://helpx.adobe.com/security/products/flash-player/apsa15-01.html"}, {"name": "1031597", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1031597"}, {"tags": ["x_refsource_MISC"], "url": "http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@adobe.com", "ID": "CVE-2015-0311", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-201502-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201502-02.xml"}, {"name": "62660", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62660"}, {"name": "62740", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62740"}, {"name": "62432", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62432"}, {"name": "62650", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62650"}, {"name": "SUSE-SU-2015:0163", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00031.html"}, {"name": "72283", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72283"}, {"name": "62543", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62543"}, {"name": "https://technet.microsoft.com/library/security/2755801", "refsource": "CONFIRM", "url": "https://technet.microsoft.com/library/security/2755801"}, {"name": "http://helpx.adobe.com/security/products/flash-player/apsb15-03.html", "refsource": "CONFIRM", "url": "http://helpx.adobe.com/security/products/flash-player/apsb15-03.html"}, {"name": "SUSE-SU-2015:0151", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00027.html"}, {"name": "http://helpx.adobe.com/security/products/flash-player/apsa15-01.html", "refsource": "CONFIRM", "url": "http://helpx.adobe.com/security/products/flash-player/apsa15-01.html"}, {"name": "1031597", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031597"}, {"name": "http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html", "refsource": "MISC", "url": "http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:03:10.995Z"}, "title": "CVE Program Container", "references": [{"name": "GLSA-201502-02", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201502-02.xml"}, {"name": "62660", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62660"}, {"name": "62740", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62740"}, {"name": "62432", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62432"}, {"name": "62650", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62650"}, {"name": "SUSE-SU-2015:0163", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00031.html"}, {"name": "72283", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/72283"}, {"name": "62543", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62543"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://technet.microsoft.com/library/security/2755801"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://helpx.adobe.com/security/products/flash-player/apsb15-03.html"}, {"name": "SUSE-SU-2015:0151", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00027.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://helpx.adobe.com/security/products/flash-player/apsa15-01.html"}, {"name": "1031597", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1031597"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-noinfo Not enough information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-02-04T21:58:44.133081Z", "id": "CVE-2015-0311", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-04-13", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-0311"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T21:58:49.941Z"}}]}, "cveMetadata": {"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2015-0311", "datePublished": "2015-01-23T21:00:00.000Z", "dateReserved": "2014-12-01T00:00:00.000Z", "dateUpdated": "2025-02-04T21:58:49.941Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://security.gentoo.org/glsa/glsa-201502-02.xml", "name": "GLSA-201502-02", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"]}, {"url": "http://secunia.com/advisories/62660", "name": "62660", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"]}, {"url": "http://secunia.com/advisories/62740", "name": "62740", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"]}, {"url": "http://secunia.com/advisories/62432", "name": "62432", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"]}, {"url": "http://secunia.com/advisories/62650", "name": "62650", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00031.html", "name": "SUSE-SU-2015:0163", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/72283", "name": "72283", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "http://secunia.com/advisories/62543", "name": "62543", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"]}, {"url": "https://technet.microsoft.com/library/security/2755801", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://helpx.adobe.com/security/products/flash-player/apsb15-03.html", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00027.html", "name": "SUSE-SU-2015:0151", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "http://helpx.adobe.com/security/products/flash-player/apsa15-01.html", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://www.securitytracker.com/id/1031597", "name": "1031597", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"]}, {"url": "http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:03:10.995Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2015-0311", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-04T21:58:44.133081Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-04-13", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-0311"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T21:58:34.250Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-01-22T00:00:00.000Z", "references": [{"url": "http://security.gentoo.org/glsa/glsa-201502-02.xml", "name": "GLSA-201502-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"]}, {"url": "http://secunia.com/advisories/62660", "name": "62660", "tags": ["third-party-advisory", "x_refsource_SECUNIA"]}, {"url": "http://secunia.com/advisories/62740", "name": "62740", "tags": ["third-party-advisory", "x_refsource_SECUNIA"]}, {"url": "http://secunia.com/advisories/62432", "name": "62432", "tags": ["third-party-advisory", "x_refsource_SECUNIA"]}, {"url": "http://secunia.com/advisories/62650", "name": "62650", "tags": ["third-party-advisory", "x_refsource_SECUNIA"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00031.html", "name": "SUSE-SU-2015:0163", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "http://www.securityfocus.com/bid/72283", "name": "72283", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "http://secunia.com/advisories/62543", "name": "62543", "tags": ["third-party-advisory", "x_refsource_SECUNIA"]}, {"url": "https://technet.microsoft.com/library/security/2755801", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://helpx.adobe.com/security/products/flash-player/apsb15-03.html", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00027.html", "name": "SUSE-SU-2015:0151", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "http://helpx.adobe.com/security/products/flash-player/apsa15-01.html", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://www.securitytracker.com/id/1031597", "name": "1031597", "tags": ["vdb-entry", "x_refsource_SECTRACK"]}, {"url": "http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2015-02-12T14:57:01.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "http://security.gentoo.org/glsa/glsa-201502-02.xml", "name": "GLSA-201502-02", "refsource": "GENTOO"}, {"url": "http://secunia.com/advisories/62660", "name": "62660", "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/62740", "name": "62740", "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/62432", "name": "62432", "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/62650", "name": "62650", "refsource": "SECUNIA"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00031.html", "name": "SUSE-SU-2015:0163", "refsource": "SUSE"}, {"url": "http://www.securityfocus.com/bid/72283", "name": "72283", "refsource": "BID"}, {"url": "http://secunia.com/advisories/62543", "name": "62543", "refsource": "SECUNIA"}, {"url": "https://technet.microsoft.com/library/security/2755801", "name": "https://technet.microsoft.com/library/security/2755801", "refsource": "CONFIRM"}, {"url": "http://helpx.adobe.com/security/products/flash-player/apsb15-03.html", "name": "http://helpx.adobe.com/security/products/flash-player/apsb15-03.html", "refsource": "CONFIRM"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00027.html", "name": "SUSE-SU-2015:0151", "refsource": "SUSE"}, {"url": "http://helpx.adobe.com/security/products/flash-player/apsa15-01.html", "name": "http://helpx.adobe.com/security/products/flash-player/apsa15-01.html", "refsource": "CONFIRM"}, {"url": "http://www.securitytracker.com/id/1031597", "name": "1031597", "refsource": "SECTRACK"}, {"url": "http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html", "name": "http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-0311", "STATE": "PUBLIC", "ASSIGNER": "psirt@adobe.com"}}}}, "cveMetadata": {"cveId": "CVE-2015-0311", "state": "PUBLISHED", "dateUpdated": "2025-02-04T21:58:49.941Z", "dateReserved": "2014-12-01T00:00:00.000Z", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "datePublished": "2015-01-23T21:00:00.000Z", "assignerShortName": "adobe"}, "dataVersion": "5.1"}

{"cisaActionDue": "2022-05-04", "cisaExploitAdd": "2022-04-13", "cisaRequiredAction": "The impacted product is end-of-life and should be disconnected if still in use.", "cisaVulnerabilityName": "Adobe Flash Player Remote Code Execution Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "774569CC-7893-4712-9BAF-96F6C58F1F10", "versionEndIncluding": "11.2.202.438", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "04AE698A-9E64-42CA-AAFB-F72295C0BFE9", "versionEndIncluding": "13.0.0.262", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "4112453A-E2BA-4C22-AC5A-F186F953012B", "versionEndExcluding": "16.0.0.287", "versionStartIncluding": "14.0.0.125", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*", "matchCriteriaId": "D2DF4815-B8CB-4AD3-B91D-2E09A8E318E9", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*", "matchCriteriaId": "028ABA8F-4E7B-4CD0-B6FC-3A0941E254BA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:10:*:*:*:*:*:*:*", "matchCriteriaId": "D5808661-A082-4CBE-808C-B253972487B4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D229E41-A971-4284-9657-16D78414B93F", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_rt:-:*:*:*:*:*:*:*", "matchCriteriaId": "ABC7A32C-4A4A-4533-B42E-350E728ADFEB", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:internet_explorer:11:-:*:*:*:*:*:*", "matchCriteriaId": "D7809F78-8D56-4925-A8F9-4119B973A667", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*", "matchCriteriaId": "542DAEEC-73CC-46C6-A630-BF474A3446AC", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*", "matchCriteriaId": "77D197D7-57FB-4898-8C70-B19D5F0D5BE0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*", "matchCriteriaId": "542DAEEC-73CC-46C6-A630-BF474A3446AC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Adobe Flash Player hasta 13.0.0.262 y 14.x, 15.x, y 16.x hasta 16.0.0.287 en Windows y OS X y hasta 11.2.202.438 en Linux permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores desconocidos, tal y como fue utilizado activamente en enero del 2015."}], "id": "CVE-2015-0311", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2015-01-23T21:59:04.897", "references": [{"source": "psirt@adobe.com", "tags": ["Vendor Advisory"], "url": "http://helpx.adobe.com/security/products/flash-player/apsa15-01.html"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://helpx.adobe.com/security/products/flash-player/apsb15-03.html"}, {"source": "psirt@adobe.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00027.html"}, {"source": "psirt@adobe.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00031.html"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/62432"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/62543"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/62650"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/62660"}, {"source": "psirt@adobe.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/62740"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-201502-02.xml"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/72283"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1031597"}, {"source": "psirt@adobe.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://technet.microsoft.com/library/security/2755801"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://helpx.adobe.com/security/products/flash-player/apsa15-01.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://helpx.adobe.com/security/products/flash-player/apsb15-03.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00027.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00031.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/62432"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/62543"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/62650"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/62660"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/62740"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-201502-02.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/72283"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1031597"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://technet.microsoft.com/library/security/2755801"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2015:0094", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "flash-plugin-0:11.2.202.440-1.el5", "product_name": "Red Hat Enterprise Linux 5 Supplementary", "release_date": "2015-01-27T00:00:00Z"}, {"advisory": "RHSA-2015:0094", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "flash-plugin-0:11.2.202.440-1.el6", "product_name": "Supplementary for Red Hat Enterprise Linux 6", "release_date": "2015-01-27T00:00:00Z"}], "bugzilla": {"description": "flash-plugin: multiple critical vulnerabilities (APSA15-01)(APSB15-03)", "id": "1185296", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185296"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015."], "name": "CVE-2015-0311", "public_date": "2015-01-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-0311\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-0311\nhttps://helpx.adobe.com/security/products/flash-player/apsa15-01.html\nhttps://helpx.adobe.com/security/products/flash-player/apsb15-03.html\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "threat_severity": "Critical"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation active

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object