CVE-2015-0313 - Use After Free vulnerability in multiple products

CVSS 9.8 - CRITICAL

  • Attack vector: NETWORK
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: HIGH
  • Integrity impact: HIGH
  • Availability impact: HIGH

Tags: network, low complexity, adobe, suse, opensuse, microsoft, CWE-416, critical, nessus, exploit available, metasploit

Summary

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.

Vulnerable Configurations

Part         Description  Count
Application  Adobe        321
Application  Microsoft    3
OS           Linux        1
OS           Apple        1
OS           Microsoft    8
OS           Suse         3
OS           Opensuse     3

Common Weakness Enumeration (CWE)

Exploit-Db

  • description: Adobe Flash Player ByteArray With Workers Use After Free. CVE-2015-0313. Remote exploit for windows platform
    file: exploits/windows/remote/36579.rb
    id: EDB-ID:36579
    last seen: 2016-02-04
    modified: 2015-03-31
    platform: windows
    port:
    published: 2015-03-31
    reporter: metasploit
    source: https://www.exploit-db.com/download/36579/
    title: Adobe Flash Player ByteArray With Workers Use After Free
    type: remote
  • description: Adobe Flash Player - Arbitrary Code Execution. CVE-2015-0313. Remote exploit for windows platform
    id: EDB-ID:36491
    last seen: 2016-02-04
    modified: 2015-03-25
    published: 2015-03-25
    reporter: SecurityObscurity
    source: https://www.exploit-db.com/download/36491/
    title: Adobe Flash Player - Arbitrary Code Execution

Metasploit

description: This module exploits a use-after-free vulnerability in Adobe Flash Player. The vulnerability occurs when the ByteArray assigned to the current ApplicationDomain is freed from an ActionScript worker, which can fill the memory and notify the main thread to corrupt the new contents. This module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 to IE 11 and Flash 16.0.0.296.
id: MSF:EXPLOIT/WINDOWS/BROWSER/ADOBE_FLASH_WORKER_BYTE_ARRAY_UAF
last seen: 2020-06-07
modified: 2017-07-24
published: 2015-03-27
references:
reporter: Rapid7
source: https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/adobe_flash_worker_byte_array_uaf.rb
title: Adobe Flash Player ByteArray With Workers Use After Free

Nessus

  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_734BCD49AAE611E4A0C1C485083CA99C.NASL
    description: Adobe reports : A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player 16.0.0.296 and earlier versions for Windows, Macintosh, and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below. The FreeBSD security team determined this vulnerability does not affect the flashplugin11 package, so the patch has been pulled. Therefore, this plugin has been deprecated.
    last seen: 2017-10-29
    modified: 2015-03-17
    plugin id: 81135
    published: 2015-02-03
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=81135
    title: FreeBSD : Adobe Flash Player -- critical vulnerability (734bcd49-aae6-11e4-a0c1-c485083ca99c) (deprecated)
    code:
    #%NASL_MIN_LEVEL 999999
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2015 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(81135);
      script_version("1.7");
      script_cvs_date("Date: 2018/07/20  0:18:52");
    
      script_cve_id("CVE-2015-0313");
    
      script_name(english:"FreeBSD : Adobe Flash Player -- critical vulnerability (734bcd49-aae6-11e4-a0c1-c485083ca99c) (deprecated)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"This plugin has been deprecated."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Adobe reports :
    
    A critical vulnerability (CVE-2015-0313) exists in Adobe Flash Player
    16.0.0.296 and earlier versions for Windows, Macintosh, and Linux.
    Successful exploitation could cause a crash and potentially allow an
    attacker to take control of the affected system. We are aware of
    reports that this vulnerability is being actively exploited in the
    wild via drive-by-download attacks against systems running Internet
    Explorer and Firefox on Windows 8.1 and below.
    
    The FreeBSD security team determined this vulnerability does not
    affect the flashplugin11 package, so the patch has been pulled.
    Therefore, this plugin has been deprecated."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://helpx.adobe.com/security/products/flash-player/apsa15-02.html"
      );
      # http://www.freebsd.org/ports/portaudit/734bcd49-aae6-11e4-a0c1-c485083ca99c.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?aca19368"
      );
      script_set_attribute(attribute:"solution", value:"n/a");
      script_set_attribute(attribute:"risk_factor", value:"None");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin11");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin11");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/02/02");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/02/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/03");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    exit(0, 'This vulnerability does not affect flashplugin11. The patch has been pulled, so this plugin has been deprecated.');
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"linux-c6-flashplugin11<=11.2r202.440")) flag++;
    if (pkg_test(save_report:TRUE, pkg:"linux-f10-flashplugin11<=11.2r202.440")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2015-118.NASL
    description: flash-player was updated to version 11.2.202.442 to fix 18 security issues. These security issues were fixed : - Use-after-free vulnerabilities that could lead to code execution (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322). - Memory corruption vulnerabilities that could lead to code execution (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330). - Type confusion vulnerabilities that could lead to code execution (CVE-2015-0317, CVE-2015-0319). - Heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-0323, CVE-2015-0327). - Buffer overflow vulnerability that could lead to code execution (CVE-2015-0324). - NULL pointer dereference issues (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328). More information is available at https://helpx.adobe.com/security/products/flash-player/apsb15-04.html
    last seen: 2020-06-05
    modified: 2015-02-09
    plugin id: 81243
    published: 2015-02-09
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/81243
    title: openSUSE Security Update : flash-player (openSUSE-2015-118)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2015-118.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(81243);
      script_version("1.9");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2015-0313", "CVE-2015-0314", "CVE-2015-0315", "CVE-2015-0316", "CVE-2015-0317", "CVE-2015-0318", "CVE-2015-0319", "CVE-2015-0320", "CVE-2015-0321", "CVE-2015-0322", "CVE-2015-0323", "CVE-2015-0324", "CVE-2015-0325", "CVE-2015-0326", "CVE-2015-0327", "CVE-2015-0328", "CVE-2015-0329", "CVE-2015-0330");
    
      script_name(english:"openSUSE Security Update : flash-player (openSUSE-2015-118)");
      script_summary(english:"Check for the openSUSE-2015-118 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "flash-player was updated to version 11.2.202.442 to fix 18 security
    issues.
    
    These security issues were fixed :
    
      - Use-after-free vulnerabilities that could lead to code
        execution (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320,
        CVE-2015-0322). 
    
      - Memory corruption vulnerabilities that could lead to
        code execution (CVE-2015-0314, CVE-2015-0316,
        CVE-2015-0318, CVE-2015-0321, CVE-2015-0329,
        CVE-2015-0330). 
    
      - Type confusion vulnerabilities that could lead to code
        execution (CVE-2015-0317, CVE-2015-0319). 
    
      - Heap buffer overflow vulnerabilities that could lead to
        code execution (CVE-2015-0323, CVE-2015-0327). 
    
      - Buffer overflow vulnerability that could lead to code
        execution (CVE-2015-0324). 
    
      - NULL pointer dereference issues (CVE-2015-0325,
        CVE-2015-0326, CVE-2015-0328).
    
    More information is available at
    https://helpx.adobe.com/security/products/flash-player/apsb15-04.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=915918"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://helpx.adobe.com/security/products/flash-player/apsb15-04.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected flash-player packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player PCRE Regex Vulnerability');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:flash-player");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:flash-player-gnome");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:flash-player-kde4");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2015/02/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/02/09");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.1|SUSE13\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1 / 13.2", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.1", reference:"flash-player-11.2.202.442-98.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"flash-player-gnome-11.2.202.442-98.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"flash-player-kde4-11.2.202.442-98.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"flash-player-11.2.202.442-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"flash-player-gnome-11.2.202.442-2.33.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"flash-player-kde4-11.2.202.442-2.33.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "flash-player / flash-player-gnome / flash-player-kde4");
    }
    
  • NASL family: Windows
    NASL id: FLASH_PLAYER_APSA15-02.NASL
    description: According to its version, the Adobe Flash Player installed on the remote Windows host is equal or prior to 16.0.0.296. It is, therefore, affected by the following vulnerabilities : - Several use-after-free errors exist that allow arbitrary code execution. (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322) - Several memory corruption errors exist that allow arbitrary code execution. (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330) - Several type confusion errors exist that allow arbitrary code execution. (CVE-2015-0317, CVE-2015-0319) - Several heap-based buffer-overflow errors exist that allow arbitrary code execution. (CVE-2015-0323, CVE-2015-0327) - A buffer overflow error exists that allows arbitrary code execution. (CVE-2015-0324) - Several null pointer dereference errors exist that have unspecified impacts. (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328). - A use-after-free error exists within the processing of invalid m3u8 playlists. A remote attacker, with a specially crafted m3u8 playlist file, can force a dangling pointer to be reused after it has been freed, allowing the execution of arbitrary code. (CVE-2015-0331)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81127
    published: 2015-02-02
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81127
    title: Flash Player <= 16.0.0.296 Unspecified Code Execution (APSA15-02 / APSB15-04)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_FLASH_PLAYER_APSA15-02.NASL
    description: According to its version, the Adobe Flash Player installed on the remote Mac OS X host is equal or prior to 16.0.0.296. It is, therefore, affected by the following vulnerabilities : - Several use-after-free errors exist that allow arbitrary code execution. (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322) - Several memory corruption errors exist that allow arbitrary code execution. (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330) - Several type confusion errors exist that allow arbitrary code execution. (CVE-2015-0317, CVE-2015-0319) - Several heap-based buffer-overflow errors exist that allow arbitrary code execution. (CVE-2015-0323, CVE-2015-0327) - A buffer overflow error exists that allows arbitrary code execution. (CVE-2015-0324) - Several null pointer dereference errors exist that have unspecified impacts. (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328). - A use-after-free error exists within the processing of invalid m3u8 playlists. A remote attacker, with a specially crafted m3u8 playlist file, can force a dangling pointer to be reused after it has been freed, allowing the execution of arbitrary code. (CVE-2015-0331)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81128
    published: 2015-02-02
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81128
    title: Flash Player For Mac <= 16.0.0.296 Unspecified Code Execution (APSA15-02 / APSB15-04)
  • NASL family: Windows
    NASL id: SMB_KB3021953.NASL
    description: The remote host is missing KB3021953. It is, therefore, affected by the following vulnerabilities : - Several use-after-free errors exist that allow arbitrary code execution. (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322) - Several memory corruption errors exist that allow arbitrary code execution. (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330) - Several type confusion errors exist that allow arbitrary code execution. (CVE-2015-0317, CVE-2015-0319) - Several heap-based buffer-overflow errors exist that allow arbitrary code execution. (CVE-2015-0323, CVE-2015-0327) - A buffer overflow error exists that allows arbitrary code execution. (CVE-2015-0324) - Several null pointer dereference errors exist that have unspecified impacts. (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328) - A use-after-free error exists within the processing of invalid m3u8 playlists. A remote attacker, with a specially crafted m3u8 playlist file, can force a dangling pointer to be reused after it has been freed, allowing the execution of arbitrary code. (CVE-2015-0331)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81209
    published: 2015-02-06
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81209
    title: MS KB3021953: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_FLASH-PLAYER-150206.NASL
    description: flash-player was updated to version 11.2.202.442 to fix 18 security issues. These security issues were fixed: - Use-after-free vulnerabilities that could lead to code execution (CVE-2015-0313 / CVE-2015-0315 / CVE-2015-0320 / CVE-2015-0322). - Memory corruption vulnerabilities that could lead to code execution (CVE-2015-0314 / CVE-2015-0316 / CVE-2015-0318 / CVE-2015-0321 / CVE-2015-0329 / CVE-2015-0330). - Type confusion vulnerabilities that could lead to code execution (CVE-2015-0317 / CVE-2015-0319). - Heap buffer overflow vulnerabilities that could lead to code execution (CVE-2015-0323 / CVE-2015-0327). - Buffer overflow vulnerability that could lead to code execution (CVE-2015-0324). - NULL pointer dereference issues. (CVE-2015-0325 / CVE-2015-0326 / CVE-2015-0328) More information is available at https://helpx.adobe.com/security/products/flash-player/apsb15-04.html
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81245
    published: 2015-02-09
    reporter: This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/81245
    title: SuSE 11.3 Security Update : flash-player, flash-player-gnome, flash-player-kde4 (SAT Patch Number 10287)
  • NASL family: Windows
    NASL id: GOOGLE_CHROME_40_0_2214_111.NASL
    description: The version of Google Chrome installed on the remote Windows host is prior to 40.0.2214.111. It is, therefore, affected by the following vulnerabilities : - Several use-after-free errors exist that allow arbitrary code execution. (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322) - Several memory corruption errors exist that allow arbitrary code execution. (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330) - Several type confusion errors exist that allow arbitrary code execution. (CVE-2015-0317, CVE-2015-0319) - Several heap-based buffer-overflow errors exist that allow arbitrary code execution. (CVE-2015-0323, CVE-2015-0327) - A buffer overflow error exists that allows arbitrary code execution. (CVE-2015-0324) - Several null pointer dereference errors exist that have unspecified impacts. (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328). - A use-after-free error exists within the processing of invalid m3u8 playlists. A remote attacker, with a specially crafted m3u8 playlist file, can force a dangling pointer to be reused after it has been freed, allowing the execution of arbitrary code. (CVE-2015-0331) - A use-after-free error exists related to the DOM component. (CVE-2015-1209) - A cross-origin bypass error exists related to the V8 JavaScript engine bindings. (CVE-2015-1210) - A privilege escalation error exists related to service workers. (CVE-2015-1211) - Various, unspecified errors exist. (CVE-2015-1212)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81207
    published: 2015-02-06
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81207
    title: Google Chrome < 40.0.2214.111 Multiple Vulnerabilities
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_GOOGLE_CHROME_40_0_2214_111.NASL
    description: The version of Google Chrome installed on the remote Mac OS X host is prior to 40.0.2214.111. It is, therefore, affected by the following vulnerabilities : - Several use-after-free errors exist that allow arbitrary code execution. (CVE-2015-0313, CVE-2015-0315, CVE-2015-0320, CVE-2015-0322) - Several memory corruption errors exist that allow arbitrary code execution. (CVE-2015-0314, CVE-2015-0316, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, CVE-2015-0330) - Several type confusion errors exist that allow arbitrary code execution. (CVE-2015-0317, CVE-2015-0319) - Several heap-based buffer-overflow errors exist that allow arbitrary code execution. (CVE-2015-0323, CVE-2015-0327) - A buffer overflow error exists that allows arbitrary code execution. (CVE-2015-0324) - Several null pointer dereference errors exist that have unspecified impacts. (CVE-2015-0325, CVE-2015-0326, CVE-2015-0328). - A use-after-free error exists within the processing of invalid m3u8 playlists. A remote attacker, with a specially crafted m3u8 playlist file, can force a dangling pointer to be reused after it has been freed, allowing the execution of arbitrary code. (CVE-2015-0331) - A use-after-free error exists related to the DOM component. (CVE-2015-1209) - A cross-origin bypass error exists related to the V8 JavaScript engine bindings. (CVE-2015-1210) - A privilege escalation error exists related to service workers. (CVE-2015-1211) - Various, unspecified errors exist. (CVE-2015-1212)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 81208
    published: 2015-02-06
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/81208
    title: Google Chrome < 40.0.2214.111 Multiple Vulnerabilities (Mac OS X)

Packetstorm

data source: https://packetstormsecurity.com/files/download/131189/adobe_flash_worker_byte_array_uaf.rb.txt
id: PACKETSTORM:131189
last seen: 2016-12-05
published: 2015-03-30
reporter: juan vazquez
source: https://packetstormsecurity.com/files/131189/Adobe-Flash-Player-ByteArray-With-Workers-Use-After-Free.html
title: Adobe Flash Player ByteArray With Workers Use After Free

The Hacker News

id: THN:40B2D007112A9624A902E319B3C1366B
last seen: 2018-01-27
modified: 2015-02-05
published: 2015-02-02
reporter: Swati Khandelwal
source: https://thehackernews.com/2015/02/adobe-flash-zero-day-vulnerability_2.html
title: Another Unpatched Adobe Flash Zero-Day vulnerability Exploited in the Wild

References