Unknown
CVE-2015-3113
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
Unknown
(1 user assessed)Unknown
(1 user assessed)Unknown
Unknown
Unknown
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.
Add Assessment
Technical Analysis
Reported as exploited in the wild as part of Google’s 2020 0day vulnerability spreadsheet they made available at https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1869060786. Original tweet announcing this spreadsheet with the 2020 findings can be found at https://twitter.com/maddiestone/status/1329837665378725888
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild ReportCVSS V3 Severity and Metrics
General Information
Vendors
- adobe
Products
- flash player,
- flash player 14.0.0.125,
- flash player 14.0.0.145,
- flash player 14.0.0.176,
- flash player 14.0.0.179,
- flash player 15.0.0.152,
- flash player 15.0.0.167,
- flash player 15.0.0.189,
- flash player 15.0.0.223,
- flash player 15.0.0.239,
- flash player 15.0.0.246,
- flash player 16.0.0.235,
- flash player 16.0.0.257,
- flash player 16.0.0.287,
- flash player 16.0.0.296,
- flash player 17.0.0.134,
- flash player 17.0.0.169,
- flash player 17.0.0.188,
- flash player 18.0.0.161
Exploited in the Wild
Would you like to delete this Exploited in the Wild Report?
Yes, delete this reportReferences
Advisory
Additional Info
Technical Analysis
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below: