← Back to CVEs
CVE-2015-0313
CRITICALCISA KEV9.8
Description
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published2/2/2015
Last Modified11/17/2025
Sourcekev
Honeypot Sightings0
CISA KEV
VendorAdobe
ProductFlash Player
Vulnerability NameAdobe Flash Player Use-After-Free Vulnerability
KEV Date Added2022-04-13
Remediation Due Date2022-05-04
Ransomware UseUnknown
Affected Products
adobe:flash_playerapple:mac_os_xlinux:linux_kernelmicrosoft:edgemicrosoft:internet_explorermicrosoft:windowsmicrosoft:windows_10_1507microsoft:windows_8microsoft:windows_8.1microsoft:windows_rtmicrosoft:windows_rt_8.1microsoft:windows_server_2012opensuse:evergreenopensuse:opensusesuse:linux_enterprise_desktopsuse:linux_enterprise_workstation_extension
Weaknesses (CWE)
CWE-416CWE-416
References
http://packetstormsecurity.com/files/131189/Adobe-Flash-Player-ByteArray-With-Workers-Use-After-Free.html(psirt@adobe.com)
http://secunia.com/advisories/62528(psirt@adobe.com)
http://secunia.com/advisories/62777(psirt@adobe.com)
http://secunia.com/advisories/62895(psirt@adobe.com)
http://www.osvdb.org/117853(psirt@adobe.com)
http://www.securityfocus.com/bid/72429(psirt@adobe.com)
http://www.securitytracker.com/id/1031686(psirt@adobe.com)
https://exchange.xforce.ibmcloud.com/vulnerabilities/100641(psirt@adobe.com)
https://technet.microsoft.com/library/security/2755801(psirt@adobe.com)
https://www.exploit-db.com/exploits/36579/(psirt@adobe.com)
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/131189/Adobe-Flash-Player-ByteArray-With-Workers-Use-After-Free.html(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/62528(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/62777(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/62895(af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/117853(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/72429(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1031686(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/100641(af854a3a-2127-422b-91ae-364da2661108)
https://helpx.adobe.com/security/products/flash-player/apsa15-02.html(af854a3a-2127-422b-91ae-364da2661108)
https://helpx.adobe.com/security/products/flash-player/apsb15-04.html(af854a3a-2127-422b-91ae-364da2661108)
https://technet.microsoft.com/library/security/2755801(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/36579/(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/cisagov/vulnrichment/issues/196(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-0313(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.