CVE-2015-0354
First published: Tue Apr 14 2015(Updated: )
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Adobe Acrobat Reader | <=11.2.202.451 | |
| Linux Kernel | ||
| Adobe Acrobat Reader | <=13.0.0.264 | |
| Adobe Acrobat Reader | =14.0.0.125 | |
| Adobe Acrobat Reader | =14.0.0.145 | |
| Adobe Acrobat Reader | =14.0.0.176 | |
| Adobe Acrobat Reader | =14.0.0.179 | |
| Adobe Acrobat Reader | =15.0.0.152 | |
| Adobe Acrobat Reader | =15.0.0.167 | |
| Adobe Acrobat Reader | =15.0.0.189 | |
| Adobe Acrobat Reader | =15.0.0.223 | |
| Adobe Acrobat Reader | =15.0.0.239 | |
| Adobe Acrobat Reader | =15.0.0.246 | |
| Adobe Acrobat Reader | =16.0.0.235 | |
| Adobe Acrobat Reader | =16.0.0.257 | |
| Adobe Acrobat Reader | =16.0.0.287 | |
| Adobe Acrobat Reader | =16.0.0.296 | |
| Adobe Acrobat Reader | =17.0.0.134 | |
| Apple iOS and macOS | ||
| Microsoft Windows | ||
| openSUSE | =13.1 | |
| openSUSE | =13.2 | |
| SUSE Linux Enterprise Desktop | =11.0-sp3 | |
| SUSE Linux Enterprise Desktop | =12.0 | |
| SUSE Linux Workstation Extension | =12.0 | |
| redhat enterprise linux desktop supplementary | =5.0 | |
| redhat enterprise linux desktop supplementary | =6.0 | |
| Red Hat Enterprise Linux Server Supplementary | =5.0 | |
| Red Hat Enterprise Linux Server Supplementary | =6.0 | |
| Red Hat Enterprise Linux Server Supplementary EUS | =6.6.z | |
| Red Hat Enterprise Linux Workstation Supplementary | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html
- http://rhn.redhat.com/errata/RHSA-2015-0813.html
- http://www.securityfocus.com/bid/74062
- http://www.securitytracker.com/id/1032105
- https://helpx.adobe.com/security/products/flash-player/apsb15-06.html
- https://security.gentoo.org/glsa/201504-07
Frequently Asked Questions
What is the severity of CVE-2015-0354?
CVE-2015-0354 has a critical severity rating, allowing attackers to execute arbitrary code or cause denial of service.
How do I fix CVE-2015-0354?
To fix CVE-2015-0354, update Adobe Flash Player to version 17.0.0.169 or later.
Which versions of Adobe Flash Player are affected by CVE-2015-0354?
CVE-2015-0354 affects Adobe Flash Player versions before 13.0.0.281, 14.x through 17.x before 17.0.0.169 on Windows and OS X, and versions before 11.2.202.457 on Linux.
What platforms are vulnerable to CVE-2015-0354?
CVE-2015-0354 affects Windows, OS X, and Linux platforms running the specified vulnerable versions of Adobe Flash Player.
Is it safe to use outdated versions of Adobe Flash Player affected by CVE-2015-0354?
Using outdated versions of Adobe Flash Player affected by CVE-2015-0354 is not safe, as they are susceptible to code execution and denial of service attacks.
- agent/type
- agent/references
- agent/author
- agent/severity
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/adobe
- canonical/adobe acrobat reader
- version/adobe acrobat reader/11.2.202.451
- vendor/linux
- canonical/linux kernel
- version/adobe acrobat reader/13.0.0.264
- version/adobe acrobat reader/14.0.0.125
- version/adobe acrobat reader/14.0.0.145
- version/adobe acrobat reader/14.0.0.176
- version/adobe acrobat reader/14.0.0.179
- version/adobe acrobat reader/15.0.0.152
- version/adobe acrobat reader/15.0.0.167
- version/adobe acrobat reader/15.0.0.189
- version/adobe acrobat reader/15.0.0.223
- version/adobe acrobat reader/15.0.0.239
- version/adobe acrobat reader/15.0.0.246
- version/adobe acrobat reader/16.0.0.235
- version/adobe acrobat reader/16.0.0.257
- version/adobe acrobat reader/16.0.0.287
- version/adobe acrobat reader/16.0.0.296
- version/adobe acrobat reader/17.0.0.134
- vendor/apple
- canonical/apple ios and macos
- vendor/microsoft
- canonical/microsoft windows
- vendor/opensuse
- canonical/opensuse
- version/opensuse/13.1
- version/opensuse/13.2
- vendor/suse
- canonical/suse linux enterprise desktop
- version/suse linux enterprise desktop/11.0-sp3
- version/suse linux enterprise desktop/12.0
- canonical/suse linux workstation extension
- version/suse linux workstation extension/12.0
- vendor/redhat
- canonical/redhat enterprise linux desktop supplementary
- version/redhat enterprise linux desktop supplementary/5.0
- version/redhat enterprise linux desktop supplementary/6.0
- canonical/red hat enterprise linux server supplementary
- version/red hat enterprise linux server supplementary/5.0
- version/red hat enterprise linux server supplementary/6.0
- canonical/red hat enterprise linux server supplementary eus
- version/red hat enterprise linux server supplementary eus/6.6.z
- canonical/red hat enterprise linux workstation supplementary
- version/red hat enterprise linux workstation supplementary/6.0