CVE-2015-0304

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and Adobe AIR SDK & Compiler before 16.0.0.272 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0309.

Published: Jan 14, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-0304
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
adobe / adobe_air_sdk	-	15.0.0.356.x
adobe / adobe_air	-	15.0.0.356.x
adobe / adobe_air_sdk_and_compiler	-	15.0.0.356.x
adobe / flash_player	-	13.0.0.259.x
adobe / flash_player	14.0.0.125	14.0.0.125.x
adobe / flash_player	14.0.0.145	14.0.0.145.x
adobe / flash_player	14.0.0.176	14.0.0.176.x
adobe / flash_player	14.0.0.179	14.0.0.179.x
adobe / flash_player	15.0.0.144	15.0.0.144.x
adobe / flash_player	15.0.0.152	15.0.0.152.x
adobe / flash_player	15.0.0.167	15.0.0.167.x
adobe / flash_player	15.0.0.189	15.0.0.189.x
adobe / flash_player	15.0.0.223	15.0.0.223.x
adobe / flash_player	15.0.0.238	15.0.0.238.x
adobe / flash_player	15.0.0.239	15.0.0.239.x
adobe / flash_player	15.0.0.246	15.0.0.246.x
adobe / flash_player	16.0.0.234	16.0.0.234.x
adobe / flash_player	16.0.0.235	16.0.0.235.x
adobe / flash_player	-	11.2.202.425.x

Vulnerability Database

289,697

CVE-2015-0304