製品・ソフトウェアに関する情報

JVN脆弱性詳細

Adobe Flash Player におけるバッファオーバーフローの脆弱性

Title	Adobe Flash Player におけるバッファオーバーフローの脆弱性
Summary	Adobe Flash Player には、バッファオーバーフローの脆弱性が存在します。
Possible impacts	攻撃者により、任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Feb. 5, 2015, midnight
Registration Date	Feb. 12, 2015, 1:39 p.m.
Last Update	March 2, 2015, 2:53 p.m.

CVSS2.0 : 危険
Score	10
Vector	AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected System

マイクロソフト

Microsoft Internet Explorer 10 (Windows 8/Windows Server 2012/Windows RT)

Microsoft Internet Explorer 11 (Windows 8.1/Windows Server 2012 R2/Windows RT 8.1)

アドビシステムズ

Adobe Flash Player 11.2.202.442 未満 (Linux)

Adobe Flash Player 16.0.0.305 未満 (Internet Explorer 10/11)

Adobe Flash Player 16.0.0.305 未満 (Windows/Machintosh/Linux 版の Chrome)

Adobe Flash Player デスクトップランタイム 16.0.0.305 未満 (Windows/Macintosh)

Adobe Flash Player 継続サポートリリース 13.0.0.269 未満 (Windows/Macintosh)

Google

Google Chrome 40.0.2214.115 未満 (Windows/Machintosh/Linux)

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2015-0324	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0324
National Vulnerability Database (NVD)
2	CVE-2015-0324	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0324

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Adobe Security Bulletin
1	APSB15-04	https://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Adobe セキュリティ情報
2	APSB15-04	https://helpx.adobe.com/jp/security/products/flash-player/apsb15-04.html
Google
3	Chrome Releases	http://googlechromereleases.blogspot.jp/
4	Google Chrome	https://www.google.com/intl/ja/chrome/browser/features.html
5	Google Chrome を更新する	https://support.google.com/chrome/answer/95414?hl=ja
6	Stable Channel Update	http://googlechromereleases.blogspot.jp/2015/02/stable-channel-update_19.html
Microsoft Security Advisory
7	Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801)	https://technet.microsoft.com/en-us/library/security/2755801
Red Hat Security Advisory
8	RHSA-2015:0140	https://rhn.redhat.com/errata/RHSA-2015-0140.html
マイクロソフトセキュリティアドバイザリ
9	Internet Explorer 上の Adobe Flash Player の脆弱性に対応する更新プログラム (2755801)	https://technet.microsoft.com/ja-jp/library/security/2755801
富士通セキュリティ情報
10	アドビシステムズ社 Adobe Flash Player の脆弱性に関するお知らせ	http://www.fmworld.net/biz/common/adobe/20150209f.html

その他

No	Name	URL
IPA 重要なセキュリティ情報
1	Adobe Flash Player の脆弱性対策について(APSB15-04)(CVE-2015-0313等)	http://www.ipa.go.jp/security/ciadr/vul/20150206-adobeflashplayer.html
JPCERT 注意喚起
2	JPCERT-AT-2015-0005	http://www.jpcert.or.jp/at/2015/at150005.html
警察庁 @police
3	アドビシステムズ社の Adobe Flash Player のセキュリティ修正プログラムについて(2015年02月06日)	http://www.npa.go.jp/cyberpolice/topics/?seq=15322

Change Log

No	Changed Details	Date of change
0	[2015年02月12日] 掲載 [2015年03月02日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：Google (Stable Channel Update) を追加ベンダ情報：レッドハット (RHSA-2015:0140) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2015-0324

Summary	Buffer overflow in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors.
Publication Date	Feb. 6, 2015, 9:59 a.m.
Registration Date	Jan. 26, 2021, 2:44 p.m.
Last Update	Nov. 21, 2024, 11:22 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:adobe:flash_player::::::::			13.0.0.264
cpe:2.3:a:adobe:flash_player:14.0.0.125:::::::*
cpe:2.3:a:adobe:flash_player:14.0.0.145:::::::*
cpe:2.3:a:adobe:flash_player:14.0.0.176:::::::*
cpe:2.3:a:adobe:flash_player:14.0.0.179:::::::*
cpe:2.3:a:adobe:flash_player:15.0.0.152:::::::*
cpe:2.3:a:adobe:flash_player:15.0.0.167:::::::*
cpe:2.3:a:adobe:flash_player:15.0.0.189:::::::*
cpe:2.3:a:adobe:flash_player:15.0.0.223:::::::*
cpe:2.3:a:adobe:flash_player:15.0.0.239:::::::*
cpe:2.3:a:adobe:flash_player:15.0.0.246:::::::*
cpe:2.3:a:adobe:flash_player:16.0.0.235:::::::*
cpe:2.3:a:adobe:flash_player:16.0.0.257:::::::*
cpe:2.3:a:adobe:flash_player:16.0.0.287:::::::*
cpe:2.3:a:adobe:flash_player:16.0.0.296:::::::*
execution environment
1	cpe:2.3:o:apple:mac_os_x:-:::::::*
2	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:adobe:flash_player::::::::			11.2.202.440
execution environment
1	cpe:2.3:o:linux:linux_kernel:-:::::::*

Related information, measures and tools

No	URL	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html
2	http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html
3	http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html
4	http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html
5	http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html
6	http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html
7	http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html
8	http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html
9	http://rhn.redhat.com/errata/RHSA-2015-0140.html
10	http://rhn.redhat.com/errata/RHSA-2015-0140.html
11	http://secunia.com/advisories/62777
12	http://secunia.com/advisories/62777
13	http://secunia.com/advisories/62886
14	http://secunia.com/advisories/62886
15	http://secunia.com/advisories/62895
16	http://secunia.com/advisories/62895
17	http://security.gentoo.org/glsa/glsa-201502-02.xml
18	http://security.gentoo.org/glsa/glsa-201502-02.xml
19	http://www.securityfocus.com/bid/72514
20	http://www.securityfocus.com/bid/72514
21	http://www.securitytracker.com/id/1031706
22	http://www.securitytracker.com/id/1031706
23	https://exchange.xforce.ibmcloud.com/vulnerabilities/100710
24	https://exchange.xforce.ibmcloud.com/vulnerabilities/100710
25	https://helpx.adobe.com/security/products/flash-player/apsb15-04.html	Patch Vendor Advisory
26	https://helpx.adobe.com/security/products/flash-player/apsb15-04.html	Patch Vendor Advisory
27	https://technet.microsoft.com/library/security/2755801
28	https://technet.microsoft.com/library/security/2755801

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:adobe:flash_player::::::::			13.0.0.264
cpe:2.3:a:adobe:flash_player:14.0.0.125:::::::*
cpe:2.3:a:adobe:flash_player:14.0.0.145:::::::*
cpe:2.3:a:adobe:flash_player:14.0.0.176:::::::*
cpe:2.3:a:adobe:flash_player:14.0.0.179:::::::*
cpe:2.3:a:adobe:flash_player:15.0.0.152:::::::*
cpe:2.3:a:adobe:flash_player:15.0.0.167:::::::*
cpe:2.3:a:adobe:flash_player:15.0.0.189:::::::*
cpe:2.3:a:adobe:flash_player:15.0.0.223:::::::*
cpe:2.3:a:adobe:flash_player:15.0.0.239:::::::*
cpe:2.3:a:adobe:flash_player:15.0.0.246:::::::*
cpe:2.3:a:adobe:flash_player:16.0.0.235:::::::*
cpe:2.3:a:adobe:flash_player:16.0.0.257:::::::*
cpe:2.3:a:adobe:flash_player:16.0.0.287:::::::*
cpe:2.3:a:adobe:flash_player:16.0.0.296:::::::*
execution environment
1	cpe:2.3:o:apple:mac_os_x:-:::::::*
2	cpe:2.3:o:microsoft:windows:-:::::::*