CVE-2015-7645 - Remote Code Execution vulnerability in Adobe Flash Player

CVSS 9.3 - CRITICAL
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE
Tags: network, adobe, apple, microsoft, linux, critical, nessus, exploit available

Summary

Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.

Vulnerable Configurations

Part        | Description | Count
Application | Adobe       | 370
OS          | Apple       | 1
OS          | Microsoft   | 1
OS          | Linux       | 1

Exploit-Db

description: Adobe Flash IExternalizable.writeExternal - Type Confusion. CVE-2015-7645. Dos exploits for multiple platform
file: exploits/multiple/dos/38490.txt
id: EDB-ID:38490
last seen: 2016-02-04
modified: 2015-10-19
platform: multiple
port:
published: 2015-10-19
reporter: Google Security Research
source: https://www.exploit-db.com/download/38490/
title: Adobe Flash IExternalizable.writeExternal - Type Confusion
type: dos

Nessus

  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_84147B46E876486DB746339EE45A8BB9.NASL
    description: Adobe reports : These updates resolve type confusion vulnerabilities that could lead to code execution (CVE-2015-7645, CVE-2015-7647, CVE-2015-7648).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 86433
    published: 2015-10-19
    reporter: This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/86433
    title: FreeBSD : flash -- remote code execution (84147b46-e876-486d-b746-339ee45a8bb9)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2015-1770-1.NASL
    description: flash-player was updated to fix one security issue. This security issue was fixed : - CVE-2015-7645: Critical vulnerability affecting 11.2.202.535 used in Pawn Storm (APSA15-05) (bsc#950474). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 86441
    published: 2015-10-19
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/86441
    title: SUSE SLED12 Security Update : flash-player (SUSE-SU-2015:1770-1)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2015-2024.NASL
    description: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletins APSB15-25, APSB15-27, and APSB15-28 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2015-5569, CVE-2015-7625, CVE-2015-7626, CVE-2015-7627, CVE-2015-7628, CVE-2015-7629, CVE-2015-7630, CVE-2015-7631, CVE-2015-7632, CVE-2015-7633, CVE-2015-7634, CVE-2015-7635, CVE-2015-7636, CVE-2015-7637, CVE-2015-7638, CVE-2015-7639, CVE-2015-7640, CVE-2015-7641, CVE-2015-7642, CVE-2015-7643, CVE-2015-7644, CVE-2015-7645, CVE-2015-7647, CVE-2015-7648, CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7659, CVE-2015-7660, CVE-2015-7661, CVE-2015-7662, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, CVE-2015-8046) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.548.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 86862
    published: 2015-11-12
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/86862
    title: RHEL 5 : flash-plugin (RHSA-2015:2024)
  • NASL family: Windows
    NASL id: SMB_KB3105216.NASL
    description: The remote Windows host is missing KB3105216. It is, therefore, affected by multiple vulnerabilities : - Multiple type confusion errors exist that allow a remote attacker to execute arbitrary code. (CVE-2015-7645, CVE-2015-7647, CVE-2015-7648)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 86469
    published: 2015-10-20
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/86469
    title: MS KB3105216: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer and Microsoft Edge
  • NASL family: Windows
    NASL id: FLASH_PLAYER_APSB15-27.NASL
    description: The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 19.0.0.207. It is, therefore, affected by multiple vulnerabilities : - Multiple type confusion errors exist that allow a remote attacker to execute arbitrary code. (CVE-2015-7645, CVE-2015-7647, CVE-2015-7648)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 86423
    published: 2015-10-19
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/86423
    title: Adobe Flash Player <= 19.0.0.207 Vulnerability (APSB15-27)
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_FLASH_PLAYER_APSB15-27.NASL
    description: The version of Adobe Flash Player installed on the remote Mac OS X host is equal or prior to version 19.0.0.207. It is, therefore, affected by multiple vulnerabilities : - Multiple type confusion errors exist that allow a remote attacker to execute arbitrary code. (CVE-2015-7645, CVE-2015-7647, CVE-2015-7648)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 86424
    published: 2015-10-19
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/86424
    title: Adobe Flash Player for Mac <= 19.0.0.207 Vulnerability (APSB15-27)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201511-02.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201511-02 (Adobe Flash Player: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 86908
    published: 2015-11-18
    reporter: This script is Copyright (C) 2015 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/86908
    title: GLSA-201511-02 : Adobe Flash Player: Multiple vulnerabilities
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2015-1913.NASL
    description: An updated Adobe Flash Player package that fixes three security issues is now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes three vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB15-27 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content. (CVE-2015-7645, CVE-2015-7647, CVE-2015-7648) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.540.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 86439
    published: 2015-10-19
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/86439
    title: RHEL 6 : flash-plugin (RHSA-2015:1913)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_SU-2015-1771-1.NASL
    description: flash-player was updated to fix one security issue. This security issue was fixed : - CVE-2015-7645: Critical vulnerability affecting 11.2.202.535 used in Pawn Storm (APSA15-05) (bsc#950474). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 86442
    published: 2015-10-19
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/86442
    title: SUSE SLED11 Security Update : flash-player (SUSE-SU-2015:1771-1)
  • NASL family: SuSE Local Security Checks
    NASL id: OPENSUSE-2015-665.NASL
    description: flash-player was updated to fix one security issue. This security issue was fixed : - CVE-2015-7645: Critical vulnerability affecting 11.2.202.535 used in Pawn Storm (APSA15-05) (bsc#950474).
    last seen: 2020-06-05
    modified: 2015-10-19
    plugin id: 86436
    published: 2015-10-19
    reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/86436
    title: openSUSE Security Update : flash-player (openSUSE-2015-665)
  • NASL family: Windows
    NASL id: GOOGLE_CHROME_46_0_2490_80.NASL
    description: The version of Google Chrome installed on the remote Windows host is prior to 46.0.2490.80. It is, therefore, affected by multiple vulnerabilities : - Multiple type confusion errors exist that allow a remote attacker to execute arbitrary code. (CVE-2015-7645, CVE-2015-7647, CVE-2015-7648)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 86598
    published: 2015-10-26
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/86598
    title: Google Chrome < 46.0.2490.80 Multiple Vulnerabilities
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_GOOGLE_CHROME_46_0_2490_80.NASL
    description: The version of Google Chrome installed on the remote Mac OS X host is prior to 46.0.2490.80. It is, therefore, affected by multiple vulnerabilities : - Multiple type confusion errors exist that allow a remote attacker to execute arbitrary code. (CVE-2015-7645, CVE-2015-7647, CVE-2015-7648)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 86599
    published: 2015-10-26
    reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/86599
    title: Google Chrome < 46.0.2490.80 Multiple Vulnerabilities (Mac OS X)

Redhat

advisories
  • rhsa
    id: RHSA-2015:1913
  • rhsa
    id: RHSA-2015:2024
rpms
  • flash-plugin-0:11.2.202.540-1.el6_7
  • flash-plugin-0:11.2.202.548-1.el5

The Hacker News