CVE-2015-0311 Detail Modified This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided. Current Description Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.

View Analysis Description Analysis Description Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015. Severity CVSS Version 3.x CVSS Version 2.0



CVSS 3.x Severity and Metrics:

NIST: NVD Base Score: N/A NVD score not yet provided. CVSS 2.0 Severity and Metrics:



NIST: NVD Base Score: 10.0 HIGH Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C) Weakness Enumeration CWE-ID CWE Name Source NVD-CWE-noinfo Insufficient Information NIST Known Affected Software Configurations Switch to CPE 2.2 CPEs loading, please wait. Denotes Vulnerable Software

Are we missing a CPE here? Please let us know.

Change History 5 change records found show changes CVE Modified by Source 2/13/2015 10:0:01 PM Action Type Old Value New Value Added Reference http://security.gentoo.org/glsa/glsa-201502-02.xml



CVE Modified by Source 2/10/2015 10:1:14 PM Action Type Old Value New Value Added Reference http://secunia.com/advisories/62543



Added Reference https://technet.microsoft.com/library/security/2755801



CVE Modified by Source 2/05/2015 10:0:03 PM Action Type Old Value New Value Added Reference http://helpx.adobe.com/security/products/flash-player/apsb15-03.html



Added Reference http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00027.html



Added Reference http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00031.html



Added Reference http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html



Added Reference http://secunia.com/advisories/62432



Added Reference http://secunia.com/advisories/62650



Added Reference http://secunia.com/advisories/62660



Added Reference http://secunia.com/advisories/62740



Added Reference http://www.securityfocus.com/bid/72283



Added Reference http://www.securitytracker.com/id/1031597



Modified Analysis 1/26/2015 11:11:22 AM Action Type Old Value New Value Added CPE Configuration Record truncated, showing 500 of 1358 characters.

View Entire Change Record

Configuration 1 AND OR *cpe:2.3:a:adobe:flash_player:11.2.202.438:*:*:*:*:*:*:* (and previous) OR cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* Configuration 2 AND OR *cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:* *cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:* *cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:* *cpe:2.3:a:adobe:flash_player:16.0.0.25 Added CVSS V2 (AV:N/AC:L/Au:N/C:C/I:C/A:C)



Added CWE NVD-CWE-noinfo



Changed Reference Type http://helpx.adobe.com/security/products/flash-player/apsa15-01.html No Types Assigned



http://helpx.adobe.com/security/products/flash-player/apsa15-01.html Advisory, Patch



Initial CVE Analysis 1/26/2015 10:49:38 AM Action Type Old Value New Value Quick Info CVE Dictionary Entry:

CVE-2015-0311

NVD Published Date:

01/23/2015

NVD Last Modified:

02/13/2015

Source:

MITRE

