CVE-2015-3104

Integer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors.

Published: Jun 10, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-3104
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-189

Affected Software
References

Software	From	Fixed in
adobe / air	-	17.0.0.144.x
google / android	-	-
adobe / air	-	17.0.0.172.x
adobe / air_sdk	-	17.0.0.172.x
adobe / air_sdk_&_compiler	-	17.0.0.172.x
adobe / flash_player	-	11.2.202.460.x
adobe / flash_player	-	13.0.0.289.x
adobe / flash_player	14.0.0.125	14.0.0.125.x
adobe / flash_player	14.0.0.145	14.0.0.145.x
adobe / flash_player	14.0.0.176	14.0.0.176.x
adobe / flash_player	14.0.0.179	14.0.0.179.x
adobe / flash_player	15.0.0.152	15.0.0.152.x
adobe / flash_player	15.0.0.167	15.0.0.167.x
adobe / flash_player	15.0.0.189	15.0.0.189.x
adobe / flash_player	15.0.0.223	15.0.0.223.x
adobe / flash_player	15.0.0.239	15.0.0.239.x
adobe / flash_player	15.0.0.246	15.0.0.246.x
adobe / flash_player	16.0.0.235	16.0.0.235.x
adobe / flash_player	16.0.0.257	16.0.0.257.x
adobe / flash_player	16.0.0.287	16.0.0.287.x
adobe / flash_player	16.0.0.296	16.0.0.296.x
adobe / flash_player	17.0.0.134	17.0.0.134.x
adobe / flash_player	17.0.0.169	17.0.0.169.x
adobe / flash_player	17.0.0.188	17.0.0.188.x

Vulnerability Database

289,599

CVE-2015-3104