Attacker Value
Unknown
CVE-2015-0310
Attacker Value
Unknown
(1 user assessed)
Exploitability
Unknown
(1 user assessed)User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Description
Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015.
Add Assessment
1
Technical Analysis
Reported as exploited in the wild as part of Google’s 2020 0day vulnerability spreadsheet they made available at https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1869060786. Original tweet announcing this spreadsheet with the 2020 findings can be found at https://twitter.com/maddiestone/status/1329837665378725888
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown
General Information
Vendors
- adobe
Products
- flash player,
- flash player 14.0.0.125,
- flash player 14.0.0.145,
- flash player 14.0.0.176,
- flash player 14.0.0.179,
- flash player 15.0.0.152,
- flash player 15.0.0.167,
- flash player 15.0.0.189,
- flash player 15.0.0.223,
- flash player 15.0.0.239,
- flash player 15.0.0.246,
- flash player 16.0.0.235,
- flash player 16.0.0.257
Exploited in the Wild
References
Advisory
