CVE-2015-8822

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted MPEG-4 data, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454, CVE-2015-8653, CVE-2015-8655, and CVE-2015-8821.

CVSS v3 8.8 HIGH
CVSS v2.0 9.3 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.zerodayinitiative.com/advisories/ZDI-15-664	Third Party Advisory VDB Entry
https://helpx.adobe.com/security/products/flash-player/apsb15-32.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:mac_os_x:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 3 (hide)

AND

cpe:2.3:a:adobe:flash_player:*:*:*:*:esr:*:*:*

OR	cpe:2.3:o:apple:mac_os_x:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:microsoft:windows_10:-:::::::*
	cpe:2.3:o:microsoft:windows_8:-:::::::*
	cpe:2.3:o:microsoft:windows_8.1:-:::::::*

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer:*:*

Configuration 5 (hide)

AND

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*

OR	cpe:2.3:o:apple:mac_os_x:-:::::::*
	cpe:2.3:o:google:chrome_os:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 6 (hide)

AND

cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:edge:*:*

Configuration 7 (hide)

AND

cpe:2.3:a:adobe:air_desktop_runtime:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:mac_os_x:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 8 (hide)

AND

cpe:2.3:a:adobe:air_sdk:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:iphone_os:-:::::::*
	cpe:2.3:o:apple:mac_os_x:-:::::::*
	cpe:2.3:o:google:android:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 9 (hide)

AND

cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:iphone_os:-:::::::*
	cpe:2.3:o:apple:mac_os_x:-:::::::*
	cpe:2.3:o:google:android:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 10 (hide)

AND

cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

History

08 May 2023, 13:29

Type	Values Removed	Values Added
First Time		Microsoft windows 8
CPE	cpe:2.3:o:microsoft:windows_8.0:-:::::::*	cpe:2.3:o:microsoft:windows_8:-:::::::*

30 Jan 2023, 17:32

Type	Values Removed	Values Added
CPE	cpe:2.3:o:google:android:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:a:adobe:flash_player:20.0.0.286:::::::* cpe:2.3:a:adobe:flash_player:20.0.0.228:::::::* cpe:2.3:o:microsoft:windows:::::::: cpe:2.3:a:adobe:flash_player:20.0.0.235:::::::* cpe:2.3:o:apple:mac_os_x:::::::: cpe:2.3:a:adobe:flash_player:19.0.0.185:::::::* cpe:2.3:a:adobe:flash_player:19.0.0.226:::::::* cpe:2.3:a:adobe:flash_player:19.0.0.207:::::::* cpe:2.3:a:adobe:flash_player:19.0.0.245:::::::* cpe:2.3:a:adobe:air_sdk_\\\&_compiler::::::::	cpe:2.3:a:adobe:air_desktop_runtime:::::::: cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:a:adobe:flash_player:::::esr:::* cpe:2.3:o:apple:iphone_os:-:::::::* cpe:2.3:o:google:chrome_os:-:::::::* cpe:2.3:o:google:android:-:::::::* cpe:2.3:o:microsoft:windows_8.0:-:::::::* cpe:2.3:a:adobe:flash_player::::::chrome::* cpe:2.3:o:microsoft:windows_8.1:-:::::::* cpe:2.3:a:adobe:flash_player::::::edge::* cpe:2.3:o:apple:mac_os_x:-:::::::* cpe:2.3:a:adobe:air_sdk_\&_compiler:::::::: cpe:2.3:o:microsoft:windows:-:::::::* cpe:2.3:a:adobe:flash_player::::::internet_explorer::* cpe:2.3:a:adobe:flash_player_desktop_runtime:::::::: cpe:2.3:o:microsoft:windows_10:-:::::::*
CWE	~~NVD-CWE-Other~~	CWE-416
References	~~(MISC) http://www.zerodayinitiative.com/advisories/ZDI-15-664 -~~	(MISC) http://www.zerodayinitiative.com/advisories/ZDI-15-664 - Third Party Advisory, VDB Entry
First Time		Adobe air Desktop Runtime Adobe flash Player Desktop Runtime Microsoft windows 8.1 Google chrome Os Microsoft windows 10 Microsoft windows 8.0 Adobe air Sdk \& Compiler

Information

Published : 2016-03-04 23:59

Updated : 2023-12-10 11:46

NVD link : CVE-2015-8822

Mitre link : CVE-2015-8822

CVE.ORG link : CVE-2015-8822

JSON object : View

Products Affected

google

chrome_os
android

apple

iphone_os
mac_os_x

adobe

flash_player_desktop_runtime
air_desktop_runtime
air_sdk_\&_compiler
air
air_sdk
flash_player

microsoft

windows
windows_8.1
windows_10
windows_8

linux

linux_kernel

CWE

CWE-416

Use After Free

8.8 /10