CVE-2015-0310

ENISA EUVD: EUVD-2015-0323 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 5, 2026 1 article Published: 2015-01-23

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

10.11%

probability

This CVE has a 10.11% probability of being exploited in the next 30 days.

0% Top 93.2th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

7.8

HIGH

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2 (legacy)

10.0

HIGH

Access Vector

Network

Access Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Description

VulnerabilityLookup (CNA)

Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015.

Affected Products

n/a

adobe

flash player

n/a

Attack Intelligence

CWE-200 · Information Exposure CWE-664 · Improper Control of a Resource Through its Lifetime CWE-668 · Exposure of Resource to Wrong Sphere

Google Project Zero

Discovered

Jan. 16, 2015

Patched

Jan. 22, 2015

Reported by

Yang Dingning, working with the Chromium Vulnerability Rewards Program, Timo Hirvonen of F-Secure and Kafeine

Root Cause Analysis

???

http://security.gentoo.org/glsa/glsa-201502-02.xml

vendor-advisory x_refsource_GENTOO

http://www.securityfocus.com/bid/72261

vdb-entry x_refsource_BID

http://secunia.com/advisories/62660

third-party-advisory x_refsource_SECUNIA

http://secunia.com/advisories/62740

third-party-advisory x_refsource_SECUNIA

http://www.securitytracker.com/id/1031609

vdb-entry x_refsource_SECTRACK

http://helpx.adobe.com/security/products/flash-player/apsb15-02.html

x_refsource_CONFIRM

Signal Intelligence

Confidenceⓘ

95%

EPSS 10.11%

CVSS v3.1 7.8

Mentions 1

Last Seen Jan 21, 2015

CNA Information

CNA Assigner

adobe

Analyst Note

Auto-imported from Google Project Zero — confirmed zero-day by definition.

Triage Info

Decided atMar 05, 2026

Published DateJan 23, 2015