CVE-2015-4430 : Détail

CVE-2015-4430

67.6%V3
Network
2015-07-09
14h00 +00:00
2017-09-21
07h57 +00:00
Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Gestion des notifications

Descriptions du CVE

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, and CVE-2015-5117.

Informations du CVE

Métriques

Métriques Score Gravité CVSS Vecteur Source
V2 10 AV:N/AC:L/Au:N/C:C/I:C/A:C [email protected]

EPSS

EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.

Score EPSS

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Percentile EPSS

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

Informations sur l'Exploit

Exploit Database EDB-ID : 37875

Date de publication : 2015-08-18 22h00 +00:00
Auteur : Google Security Research
EDB Vérifié : Yes

Source: https://code.google.com/p/google-security-research/issues/detail?id=410&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id The following crash was observed in Flash Player 17.0.0.188 on Windows: (81c.854): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=37397006 ebx=00000000 ecx=008c0493 edx=09f390d0 esi=08c24d98 edi=09dc2000 eip=07a218cb esp=015eda80 ebp=015edb24 iopl=0 nv up ei pl nz ac po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00050216 Flash32_17_0_0_188+0x18cb: 07a218cb ff6004 jmp dword ptr [eax+0x4] ds:0023:3739700a=???????? - The test case reproduces on Windows 7 using IE11. It does not appear to immediately reproduce on Windows+Chrome or Linux+Chrome. - The crash can also reproduce on one of the two mov instructions prior to the jmp shown here. - The crash appears to occur due to a use-after-free related to loading a sub-resource from a URL. - The test case minimizes to an 11-bit difference from the original sample file. - The following test cases are attached: 2038518113_crash.swf (crashing file), 2038518113_min.swf (minimized file), 2038518113_orig.swf (original non-crashing file). Proof of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/37875.zip

Products Mentioned

Configuraton 0

Adobe>>Air >> Version To (including) 18.0.0.144

Adobe>>Air_sdk >> Version To (including) 18.0.0.144

Adobe>>Air_sdk_\&_compiler >> Version To (including) 18.0.0.144

Configuraton 0

Adobe>>Flash_player >> Version To (including) 13.0.0.289

Adobe>>Flash_player >> Version 14.0.0.125

Adobe>>Flash_player >> Version 14.0.0.145

Adobe>>Flash_player >> Version 14.0.0.176

Adobe>>Flash_player >> Version 14.0.0.179

Adobe>>Flash_player >> Version 15.0.0.152

Adobe>>Flash_player >> Version 15.0.0.167

Adobe>>Flash_player >> Version 15.0.0.189

Adobe>>Flash_player >> Version 15.0.0.223

Adobe>>Flash_player >> Version 15.0.0.239

Adobe>>Flash_player >> Version 15.0.0.246

Adobe>>Flash_player >> Version 16.0.0.235

Adobe>>Flash_player >> Version 16.0.0.257

Adobe>>Flash_player >> Version 16.0.0.287

Adobe>>Flash_player >> Version 16.0.0.296

Adobe>>Flash_player >> Version 17.0.0.134

Adobe>>Flash_player >> Version 17.0.0.169

Adobe>>Flash_player >> Version 17.0.0.188

Adobe>>Flash_player >> Version 17.0.0.190

Adobe>>Flash_player >> Version 18.0.0.160

Adobe>>Flash_player >> Version 18.0.0.194

Apple>>Mac_os_x >> Version -

Microsoft>>Windows >> Version -

Configuraton 0

Adobe>>Flash_player >> Version To (including) 11.2.202.468

Linux>>Linux_kernel >> Version -

Références

http://www.securitytracker.com/id/1032810
Tags : vdb-entry, x_refsource_SECTRACK
http://rhn.redhat.com/errata/RHSA-2015-1214.html
Tags : vendor-advisory, x_refsource_REDHAT
https://security.gentoo.org/glsa/201507-13
Tags : vendor-advisory, x_refsource_GENTOO
http://www.securityfocus.com/bid/75590
Tags : vdb-entry, x_refsource_BID