Back
CVE-2015-0311
CRITICAL
CISA KEV
Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.
Published: Jan 23, 2015
Modified: Apr 21, 2026
NVD-CWE-noinfo
CVSS Metrics
CVSSv3
Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products (9)
| Vendor | Product | Version |
|---|---|---|
| adobe | flash_player | * |
| adobe | flash_player | * |
| adobe | flash_player | * ≥ 14.0.0.125 < 16.0.0.287 |
| suse | linux_enterprise_desktop | 11 |
| suse | linux_enterprise_desktop | 12 |
| suse | linux_enterprise_workstation_extension | 12 |
| microsoft | internet_explorer | 10 |
| microsoft | internet_explorer | 11 |
| microsoft | edge | - |
GitHub Security Advisory GHSA-xvc3-rmmw-6hxp
Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x...
References (30)
- http://helpx.adobe.com/security/products/flash-player/apsa15-01.html Vendor Advisory
- http://helpx.adobe.com/security/products/flash-player/apsb15-03.html Broken Link
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00027.html Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00031.html Mailing List, Third Party Advisory
- http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html Third Party Advisory
- http://secunia.com/advisories/62432 Broken Link
- http://secunia.com/advisories/62543 Broken Link
- http://secunia.com/advisories/62650 Broken Link
- http://secunia.com/advisories/62660 Broken Link
- http://secunia.com/advisories/62740 Broken Link
- http://security.gentoo.org/glsa/glsa-201502-02.xml Third Party Advisory
- http://www.securityfocus.com/bid/72283 Broken Link, Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1031597 Broken Link, Third Party Advisory, VDB Entry
- https://technet.microsoft.com/library/security/2755801 Patch, Vendor Advisory
- http://helpx.adobe.com/security/products/flash-player/apsa15-01.html Vendor Advisory
Risk Scores
CVSS Score
9.8 / 10
EPSS Score
92.55%
Top 0% most likely to be exploited
Threat Score
97 / 100
CISA Known Exploited
Date Added:
2022-04-13
Due Date:
2022-05-04
Required Action:
The impacted product is end-of-life and should be disconnected if still in use.
Data Sources
NVD
CISA KEV
EPSS
GitHub