CVE-2015-3039: Use After Free
First published: Tue Apr 14 2015(Updated: )
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0351, and CVE-2015-0358.
Credit: psirt@adobe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat enterprise linux desktop supplementary | =5.0 | |
| redhat enterprise linux desktop supplementary | =6.0 | |
| Red Hat Enterprise Linux Server Supplementary | =5.0 | |
| Red Hat Enterprise Linux Server Supplementary | =6.0 | |
| Red Hat Enterprise Linux Server Supplementary EUS | =6.6.z | |
| Red Hat Enterprise Linux Workstation Supplementary | =6.0 | |
| Adobe Acrobat Reader | <=11.2.202.451 | |
| Linux Kernel | ||
| openSUSE | =13.1 | |
| openSUSE | =13.2 | |
| SUSE Linux Enterprise Desktop | =11.0-sp3 | |
| SUSE Linux Enterprise Desktop | =12.0 | |
| SUSE Linux Workstation Extension | =12.0 | |
| Adobe Acrobat Reader | <=13.0.0.264 | |
| Adobe Acrobat Reader | =14.0.0.125 | |
| Adobe Acrobat Reader | =14.0.0.145 | |
| Adobe Acrobat Reader | =14.0.0.176 | |
| Adobe Acrobat Reader | =14.0.0.179 | |
| Adobe Acrobat Reader | =15.0.0.152 | |
| Adobe Acrobat Reader | =15.0.0.167 | |
| Adobe Acrobat Reader | =15.0.0.189 | |
| Adobe Acrobat Reader | =15.0.0.223 | |
| Adobe Acrobat Reader | =15.0.0.239 | |
| Adobe Acrobat Reader | =15.0.0.246 | |
| Adobe Acrobat Reader | =16.0.0.235 | |
| Adobe Acrobat Reader | =16.0.0.257 | |
| Adobe Acrobat Reader | =16.0.0.287 | |
| Adobe Acrobat Reader | =16.0.0.296 | |
| Adobe Acrobat Reader | =17.0.0.134 | |
| Apple iOS and macOS | ||
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html
- http://rhn.redhat.com/errata/RHSA-2015-0813.html
- http://www.securityfocus.com/bid/74064
- http://www.securitytracker.com/id/1032105
- https://helpx.adobe.com/security/products/flash-player/apsb15-06.html
- https://security.gentoo.org/glsa/201504-07
Frequently Asked Questions
What is the severity of CVE-2015-3039?
CVE-2015-3039 is rated as critical due to its potential to allow arbitrary code execution on affected systems.
How do I fix CVE-2015-3039?
To fix CVE-2015-3039, update Adobe Flash Player to the latest version, as this vulnerability has been patched in subsequent releases.
Which versions of Adobe Flash Player are affected by CVE-2015-3039?
CVE-2015-3039 affects Adobe Flash Player versions before 13.0.0.281, 14.x through 17.x before 17.0.0.169, and also 11.2.202.457 on Linux.
What platforms are vulnerable to CVE-2015-3039?
CVE-2015-3039 affects Windows, OS X, and Linux platforms where the vulnerable versions of Adobe Flash Player are installed.
Can CVE-2015-3039 be exploited remotely?
Yes, CVE-2015-3039 can potentially be exploited remotely through various unspecified vectors.
- agent/type
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/remedy
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/redhat
- canonical/redhat enterprise linux desktop supplementary
- version/redhat enterprise linux desktop supplementary/5.0
- version/redhat enterprise linux desktop supplementary/6.0
- canonical/red hat enterprise linux server supplementary
- version/red hat enterprise linux server supplementary/5.0
- version/red hat enterprise linux server supplementary/6.0
- canonical/red hat enterprise linux server supplementary eus
- version/red hat enterprise linux server supplementary eus/6.6.z
- canonical/red hat enterprise linux workstation supplementary
- version/red hat enterprise linux workstation supplementary/6.0
- vendor/adobe
- canonical/adobe acrobat reader
- version/adobe acrobat reader/11.2.202.451
- vendor/linux
- canonical/linux kernel
- vendor/opensuse
- canonical/opensuse
- version/opensuse/13.1
- version/opensuse/13.2
- vendor/suse
- canonical/suse linux enterprise desktop
- version/suse linux enterprise desktop/11.0-sp3
- version/suse linux enterprise desktop/12.0
- canonical/suse linux workstation extension
- version/suse linux workstation extension/12.0
- version/adobe acrobat reader/13.0.0.264
- version/adobe acrobat reader/14.0.0.125
- version/adobe acrobat reader/14.0.0.145
- version/adobe acrobat reader/14.0.0.176
- version/adobe acrobat reader/14.0.0.179
- version/adobe acrobat reader/15.0.0.152
- version/adobe acrobat reader/15.0.0.167
- version/adobe acrobat reader/15.0.0.189
- version/adobe acrobat reader/15.0.0.223
- version/adobe acrobat reader/15.0.0.239
- version/adobe acrobat reader/15.0.0.246
- version/adobe acrobat reader/16.0.0.235
- version/adobe acrobat reader/16.0.0.257
- version/adobe acrobat reader/16.0.0.287
- version/adobe acrobat reader/16.0.0.296
- version/adobe acrobat reader/17.0.0.134
- vendor/apple
- canonical/apple ios and macos
- vendor/microsoft
- canonical/microsoft windows