Vulnerabilities > CVE-2015-3113 - Out-of-bounds Write vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
adobe
opensuse
suse
hp
redhat
CWE-787
critical
nessus
metasploit

Summary

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.

Vulnerable Configurations

Part Description Count
Application
Adobe
338
Application
Hp
127
OS
Apple
1
OS
Microsoft
1
OS
Linux
1
OS
Opensuse
3
OS
Suse
2
OS
Redhat
4

Common Weakness Enumeration (CWE)

Metasploit

descriptionThis module exploits a buffer overflow on Adobe Flash Player when handling nellymoser encoded audio inside a FLV video, as exploited in the wild on June 2015. This module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.160, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.160, Windows 8.1, Firefox 38.0.5 and Adobe Flash 18.0.0.160, Linux Mint "Rebecca" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.466, and Ubuntu 14.04.2 LTS, Firefox 35.01, and Adobe Flash 11.2.202.466. Note that this exploit is effective against both CVE-2015-3113 and the earlier CVE-2015-3043, since CVE-2015-3113 is effectively a regression to the same root cause as CVE-2015-3043.
idMSF:EXPLOIT/MULTI/BROWSER/ADOBE_FLASH_NELLYMOSER_BOF
last seen2020-06-13
modified2017-07-24
published2015-07-01
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/browser/adobe_flash_nellymoser_bof.rb
titleAdobe Flash Player Nellymoser Audio Decoding Buffer Overflow

Nessus

  • NASL familyWindows
    NASL idFLASH_PLAYER_APSB15-14.NASL
    descriptionThe version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 18.0.0.161. It is, therefore, affected by a remote code execution vulnerability due to improper validation of unspecified user-supplied input. A remote attacker can exploit this, via specially crafted Flash content, to cause a heap-based buffer overflow, resulting in the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id84365
    published2015-06-24
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84365
    titleAdobe Flash Player <= 18.0.0.161 RCE (APSB15-14)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2015-1184.NASL
    descriptionAn updated Adobe Flash Player package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. A flaw was found in the way flash-plugin displayed certain SWF content. An attacker could use this flaw to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2015-3113) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.468.
    last seen2020-06-01
    modified2020-06-02
    plugin id84391
    published2015-06-25
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84391
    titleRHEL 5 / 6 : flash-plugin (RHSA-2015:1184)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1136-1.NASL
    descriptionAdobe Flash Player was updated to 11.2.202.468, fixing a security issue, where attackers could trigger a heap overflow and could execute code. https://helpx.adobe.com/security/products/flash-player/apsb15-14.html Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id84397
    published2015-06-25
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84397
    titleSUSE SLED12 Security Update : flash-player (SUSE-SU-2015:1136-1)
  • NASL familyWindows
    NASL idSMB_KB3074219.NASL
    descriptionThe remote Windows host is missing KB3074219. It is, therefore, affected by a remote code execution vulnerability due to improper validation of unspecified user-supplied input. A remote attacker can exploit this, via specially crafted Flash content, to cause a heap-based buffer overflow, resulting in the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id84367
    published2015-06-24
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84367
    titleMS KB3074219: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_D02F6B011A3F11E58BD6C485083CA99C.NASL
    descriptionAdobe reports : Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address a critical vulnerability (CVE-2015-3113) that could potentially allow an attacker to take control of the affected system. Adobe is aware of reports that CVE-2015-3113 is being actively exploited in the wild via limited, targeted attacks. Systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are known targets.
    last seen2020-06-01
    modified2020-06-02
    plugin id84383
    published2015-06-25
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84383
    titleFreeBSD : Adobe Flash Player -- critical vulnerabilities (d02f6b01-1a3f-11e5-8bd6-c485083ca99c)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2015-450.NASL
    descriptionAdobe Flash Player was updated to 11.2.202.468 to fix one security issue. The following vulnerability was fixed : - CVE-2015-3113: A heap buffer overflow vulnerability could have allowed code execution (bsc#935701, APSB15-14)
    last seen2020-06-05
    modified2015-06-26
    plugin id84416
    published2015-06-26
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/84416
    titleopenSUSE Security Update : Adobe Flash Player (openSUSE-2015-450)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201507-13.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201507-13 (Adobe Flash Player: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id86083
    published2015-09-23
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86083
    titleGLSA-201507-13 : Adobe Flash Player: Multiple vulnerabilities (Underminer)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FLASH_PLAYER_APSB15-14.NASL
    descriptionThe version of Adobe Flash Player installed on the remote Mac OS X host is equal or prior to version 18.0.0.161. It is, therefore, affected by a remote code execution vulnerability due to improper validation of unspecified user-supplied input. A remote attacker can exploit this, via specially crafted Flash content, to cause a heap-based buffer overflow, resulting in the execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id84366
    published2015-06-24
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84366
    titleAdobe Flash Player <= 18.0.0.161 RCE (APSB15-14) (Mac OS X)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2015-1137-1.NASL
    descriptionAdobe Flash Player was updated to 11.2.202.468, fixing a security issue, where attackers could have triggered a heap overflow and could have executed code. <a href=
    last seen2020-06-01
    modified2020-06-02
    plugin id84424
    published2015-06-26
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84424
    titleSUSE SLED11 Security Update : flash-player (SUSE-SU-2015:1137-1)

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/132525/adobe_flash_nellymoser_bof.rb.txt
idPACKETSTORM:132525
last seen2016-12-05
published2015-07-03
reporterjuan vazquez
sourcehttps://packetstormsecurity.com/files/132525/Adobe-Flash-Player-Nellymoser-Audio-Decoding-Buffer-Overflow.html
titleAdobe Flash Player Nellymoser Audio Decoding Buffer Overflow

Redhat

advisories
rhsa
idRHSA-2015:1184
rpms
  • flash-plugin-0:11.2.202.468-1.el5
  • flash-plugin-0:11.2.202.468-1.el6_6

The Hacker News

idTHN:F7773C10A55DCB0235E45F39B23052C6
last seen2018-01-27
modified2015-06-25
published2015-06-25
reporterSwati Khandelwal
sourcehttps://thehackernews.com/2015/06/adobe-flash-player.html
titleAdobe Releases Emergency Patch for Flash Zero-Day Vulnerability

References