CVE DATABASE / CVE-2015-0310
CVE-2015-0310
Adobe Flash Player ASLR Bypass Vulnerability
Confirmed exploited in the wild. Added 2022-05-25.
Federal remediation due 2022-06-15.
Required action: The impacted product is end-of-life and should be disconnected if still in use.
Summary
Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015.
CVSS 3.1 breakdown
| Base score | 7.8 (HIGH) |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| Attack vector | LOCAL |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | REQUIRED |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://helpx.adobe.com/security/products/flash-player/apsb15-02.html
- http://secunia.com/advisories/62452
- http://secunia.com/advisories/62601
- http://secunia.com/advisories/62660
- http://secunia.com/advisories/62740
- http://security.gentoo.org/glsa/glsa-201502-02.xml
- http://www.securityfocus.com/bid/72261
- http://www.securitytracker.com/id/1031609
- https://github.com/cisagov/vulnrichment/issues/196
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-0310
Data: NIST NVD + CISA KEV. NVD last modified 2026-04-21. Always verify against the vendor advisory before acting.