CVE-2015-8446 — Vulnetix

CVE-2015-8446 PUBLISHED

Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via an MP3 file with COMM tags that are mishandled during memory allocation, a different vulnerability than CVE-2015-8438.

EPSS 7.53% · 92.0th percentile

Risk Scores

EPSS Score

7.53%

92.0th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:14.04:LTS	flashplugin-nonfree	0, 11.2.202.310ubuntu1, 11.2.202.327ubuntu0.13.10.1

Exploit Intelligence

(vulncheck-reported-exploitation)
(vulncheck-reported-exploitation)
(vulncheck-reported-exploitation)
(vulncheck-reported-exploitation)

Timeline

Jan 1, 2012 VulnCheck KEV Exploitation
Nov 16, 2012 VulnCheck KEV Exploitation
Mar 21, 2013 VulnCheck KEV Exploitation
Oct 22, 2014 VulnCheck KEV Exploitation
Dec 8, 2015 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 3, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2015-8446 third-party-advisory
https://helpx.adobe.com/security/products/flash-player/apsb15-32.html third-party-advisory
http://zerodayinitiative.com/advisories/ZDI-15-609 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2015-8446 third-party-advisory

Open in Interactive Console →