13 Oct 2015

CVE-2015-7626

Publié par . Publié dans Memory corruption

Vulnerability Details : CVE-2015-7626

Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7625, CVE-2015-7627, CVE-2015-7630, CVE-2015-7633, and CVE-2015-7634.
Publish Date : 2015-10-14 Last Update Date : 2015-10-15

- CVSS Scores & Vulnerability Types

CVSS Score	10.0
Confidentiality Impact	Complete(There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact	Complete(There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
Availability Impact	Complete(There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity	Low(Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication	Not required(Authentication is not required to exploit the vulnerability.)
Gained Access	None
Vulnerability Type(s)	Denial Of ServiceExecute CodeOverflowMemory corruption
CWE ID	119

- Related OVAL Definitions

Title	Definition Id	Class	Family
RHSA-2015:1893: flash-plugin security update (Critical)	oval:com.redhat.rhsa:def:20151893		unix

OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2015-7626

#	Product Type	Vendor	Product	Version
1	Application	Adobe	AIR	19.0.0.190	Version Details Vulnerabilities
2	Application	Adobe	Air Sdk	19.0.0.190	Version Details Vulnerabilities
3	Application	Adobe	Air Sdk & Compiler	19.0.0.190	Version Details Vulnerabilities
4	Application	Adobe	Flash Player	11.2.202.521	Version Details Vulnerabilities
5	Application	Adobe	Flash Player	19.0.0.185	Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Adobe	AIR	1
Adobe	Air Sdk	1
Adobe	Air Sdk & Compiler	1
Adobe	Flash Player	2

- References For CVE-2015-7626

https://helpx.adobe.com/security/products/flash-player/apsb15-25.html CONFIRM

- Vulnerability Conditions

Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Adobe AIR 19.0.0.190	Google Android
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Adobe Flash Player 11.2.202.521	Linux Linux Kernel
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Adobe Air Sdk & Compiler 19.0.0.190 Adobe Air Sdk 19.0.0.190 Adobe AIR 19.0.0.190	Apple Mac Os X Microsoft Windows
Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)
Adobe Flash Player 19.0.0.185	Apple Mac Os X Microsoft Windows

- Metasploit Modules Related To CVE-2015-7626

There are not any metasploit modules related to this vulnerability (Please visit www.metasploit.com for more information)

CVE-2015-7626

Vulnerability Details : CVE-2015-7626

- CVSS Scores & Vulnerability Types

- Related OVAL Definitions

- Products Affected By CVE-2015-7626

- Number Of Affected Versions By Product

- References For CVE-2015-7626

- Vulnerability Conditions

- Metasploit Modules Related To CVE-2015-7626

Pour nous Contacter

Newsletter Cybersécurité

Ressources Sécurité

Notre expertise cybersécurité validée par de multiples certifications internationales