Think you have a false positive on this rule?

Sid 1-41706

Message

FILE-FLASH Adobe Flash Player invalid package script information use after free attempt

Summary

Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, and CVE-2015-5117.

Impact

CVSS base score 10.0 CVSS impact score 10.0 CVSS exploitability score 10.0 confidentialityImpact COMPLETE integrityImpact COMPLETE availabilityImpact COMPLETE

CVE-2015-4430:

CVSS base score 10.0

CVSS impact score 10.0

CVSS exploitability score 10.0

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

CVE-2015-4430: Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, and CVE-2015-5117.

Affected systems

  • adobe air 18.0.0.144
  • adobe air_sdk 18.0.0.144
  • adobe airsdk&_compiler 18.0.0.144
  • adobe flash_player 11.2.202.468
  • adobe flash_player 13.0.0.289
  • adobe flash_player 14.0.0.125
  • adobe flash_player 14.0.0.145
  • adobe flash_player 14.0.0.176
  • adobe flash_player 14.0.0.179
  • adobe flash_player 15.0.0.152
  • adobe flash_player 15.0.0.167
  • adobe flash_player 15.0.0.189
  • adobe flash_player 15.0.0.223
  • adobe flash_player 15.0.0.239
  • adobe flash_player 15.0.0.246
  • adobe flash_player 16.0.0.235
  • adobe flash_player 16.0.0.257
  • adobe flash_player 16.0.0.287
  • adobe flash_player 16.0.0.296
  • adobe flash_player 17.0.0.134
  • adobe flash_player 17.0.0.169
  • adobe flash_player 17.0.0.188
  • adobe flash_player 17.0.0.190
  • adobe flash_player 18.0.0.160
  • adobe flash_player 18.0.0.194

Ease of attack

CVE-2015-4430:

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the national vulnerability database, a product of the national institute of standards and technology.
  • For more information see nvd.

Additional References

  • helpx.adobe.com/security/products/flash-player/apsb15-16.html