CVE-2015-0311

Known Exploited (CISA KEV)CRITICAL

9.8

CVSS Severity Score

EPSS Score77.6090%

EPSS Percentile96.55th

PublishedJan 23, 2015

Last ModifiedApr 21, 2026

Vulnerability Description

Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.

Affected Platforms (CPE)

📦

Adobe

Flash Player

<= 11.2.202.438

📦

Adobe

Flash Player

<= 13.0.0.262

📦

Adobe

Flash Player

>= 14.0.0.125 and < 16.0.0.287

💻

Suse

Linux Enterprise Desktop

= 11

💻

Suse

Linux Enterprise Desktop

= 12

💻

Suse

Linux Enterprise Workstation Extension

= 12

📦

Microsoft

Internet Explorer

= 10

📦

Microsoft

Internet Explorer

= 11

📦

Microsoft

Edge

All versions

References & Advisories

🔗 http://helpx.adobe.com/security/products/flash-player/apsa15-01.html

🔗 http://helpx.adobe.com/security/products/flash-player/apsb15-03.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00027.html

🔗 http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00031.html

🔗 http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html

🔗 http://secunia.com/advisories/62432

🔗 http://secunia.com/advisories/62543

🔗 http://secunia.com/advisories/62650

Vulnerability Description

Affected Platforms (CPE)

Flash Player

Flash Player

Flash Player

Linux Enterprise Desktop

Linux Enterprise Desktop

Linux Enterprise Workstation Extension

Internet Explorer

Internet Explorer

Edge

References & Advisories

Related Vulnerabilities