製品・ソフトウェアに関する情報

JVN脆弱性詳細

Adobe Flash Player におけるバッファオーバーフローの脆弱性

Title	Adobe Flash Player におけるバッファオーバーフローの脆弱性
Summary	Adobe Flash Player には、バッファオーバーフローの脆弱性が存在します。
Possible impacts	攻撃者により、任意のコードを実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 14, 2015, midnight
Registration Date	April 16, 2015, 11:36 a.m.
Last Update	April 28, 2015, 4:33 p.m.

CVSS2.0 : 危険
Score	10
Vector	AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected System

マイクロソフト

Microsoft Internet Explorer 10 (Windows 8/Windows Server 2012/Windows RT)

Microsoft Internet Explorer 11 (Windows 8.1/Windows Server 2012 R2/Windows RT 8.1)

アドビシステムズ

Adobe Flash Player 11.2.202.457 未満 (Linux)

Adobe Flash Player 17.0.0.169 未満 (Internet Explorer 10/11)

Adobe Flash Player 17.0.0.169 未満 (Windows/Machintosh/Linux 版の Chrome)

Adobe Flash Player デスクトップランタイム 17.0.0.169 未満 (Windows/Macintosh)

Adobe Flash Player 継続サポートリリース 13.0.0.281 未満 (Windows/Macintosh)

Google

Google Chrome

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2015-0348	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0348
National Vulnerability Database (NVD)
2	CVE-2015-0348	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0348

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
Adobe Security Bulletin
1	APSB15-06	http://helpx.adobe.com/security/products/flash-player/apsb15-06.html
Adobe セキュリティ情報
2	APSB15-06	http://helpx.adobe.com/jp/security/products/flash-player/apsb15-06.html
Google
3	Chrome Releases	http://googlechromereleases.blogspot.jp/
4	Google Chrome	https://www.google.com/intl/ja/chrome/browser/features.html
5	Google Chrome を更新する	https://support.google.com/chrome/answer/95414?hl=ja
Microsoft Security Advisory
6	Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801)	https://technet.microsoft.com/en-us/library/security/2755801
Red Hat Security Advisory
7	RHSA-2015:0813	http://rhn.redhat.com/errata/RHSA-2015-0813.html
マイクロソフトセキュリティアドバイザリ
8	Internet Explorer 上の Adobe Flash Player の脆弱性に対応する更新プログラム (2755801)	https://technet.microsoft.com/ja-jp/library/security/2755801
富士通
9	アドビシステムズ社 Adobe Flash Player の脆弱性に関するお知らせ	http://www.fmworld.net/biz/common/adobe/20150416f.html

その他

No	Name	URL
IPA 重要なセキュリティ情報
1	Adobe Flash Player の脆弱性対策について(APSB15-06)(CVE-2015-3043等)	http://www.ipa.go.jp/security/ciadr/vul/20150415-adobeflashplayer.html
JPCERT 注意喚起
2	JPCERT-AT-2015-0011	http://www.jpcert.or.jp/at/2015/at150011.html
警察庁 @police
3	アドビシステムズ社の Adobe Flash Player のセキュリティ修正プログラムについて(2015年04月15日)	http://www.npa.go.jp/cyberpolice/topics/?seq=16044

Change Log

No	Changed Details	Date of change
0	[2015年04月16日] 掲載 [2015年04月22日] ベンダ情報：富士通 (アドビシステムズ社 Adobe Flash Player の脆弱性に関するお知らせ) を追加 [2015年04月28日] ベンダ情報：レッドハット (RHSA-2015:0813) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2015-0348

Summary	Buffer overflow in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors.
Publication Date	April 15, 2015, 7:59 a.m.
Registration Date	Jan. 26, 2021, 2:44 p.m.
Last Update	Nov. 21, 2024, 11:22 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:::::::*

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:adobe:flash_player::::::::			13.0.0.264
cpe:2.3:a:adobe:flash_player:14.0.0.125:::::::*
cpe:2.3:a:adobe:flash_player:14.0.0.145:::::::*
cpe:2.3:a:adobe:flash_player:14.0.0.176:::::::*
cpe:2.3:a:adobe:flash_player:14.0.0.179:::::::*
cpe:2.3:a:adobe:flash_player:15.0.0.152:::::::*
cpe:2.3:a:adobe:flash_player:15.0.0.167:::::::*
cpe:2.3:a:adobe:flash_player:15.0.0.189:::::::*
cpe:2.3:a:adobe:flash_player:15.0.0.223:::::::*
cpe:2.3:a:adobe:flash_player:15.0.0.239:::::::*
cpe:2.3:a:adobe:flash_player:15.0.0.246:::::::*
cpe:2.3:a:adobe:flash_player:16.0.0.235:::::::*
cpe:2.3:a:adobe:flash_player:16.0.0.257:::::::*
cpe:2.3:a:adobe:flash_player:16.0.0.287:::::::*
cpe:2.3:a:adobe:flash_player:16.0.0.296:::::::*
cpe:2.3:a:adobe:flash_player:17.0.0.134:::::::*
execution environment
1	cpe:2.3:o:apple:mac_os_x:-:::::::*
2	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration3		or higher	or less	more than	less than
cpe:2.3:a:adobe:flash_player::::::::			11.2.202.451
execution environment
1	cpe:2.3:o:linux:linux_kernel:-:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:o:suse:suse_linux_enterprise_desktop:12.0:::::::*
cpe:2.3:o:suse:suse_linux_workstation_extension:12.0:::::::*
cpe:2.3:o:suse:suse_linux_enterprise_desktop:11.0:sp3::::::
cpe:2.3:o:opensuse:opensuse:13.1:::::::*
cpe:2.3:o:opensuse:opensuse:13.2:::::::*

Related information, measures and tools

No	URL	タグ
1	http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html	Third Party Advisory
2	http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html	Third Party Advisory
3	http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html	Third Party Advisory
4	http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html	Third Party Advisory
5	http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html	Third Party Advisory
6	http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html	Third Party Advisory
7	http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html
8	http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html
9	http://rhn.redhat.com/errata/RHSA-2015-0813.html	Third Party Advisory
10	http://rhn.redhat.com/errata/RHSA-2015-0813.html	Third Party Advisory
11	http://www.securitytracker.com/id/1032105
12	http://www.securitytracker.com/id/1032105
13	https://helpx.adobe.com/security/products/flash-player/apsb15-06.html	Patch Vendor Advisory
14	https://helpx.adobe.com/security/products/flash-player/apsb15-06.html	Patch Vendor Advisory
15	https://security.gentoo.org/glsa/201504-07
16	https://security.gentoo.org/glsa/201504-07

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:::::::*
cpe:2.3:o:redhat:enterprise_linux_server_supplementary:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:::::::*

Configuration2		or higher	or less	more than	less than
cpe:2.3:a:adobe:flash_player::::::::			13.0.0.264
cpe:2.3:a:adobe:flash_player:14.0.0.125:::::::*
cpe:2.3:a:adobe:flash_player:14.0.0.145:::::::*
cpe:2.3:a:adobe:flash_player:14.0.0.176:::::::*
cpe:2.3:a:adobe:flash_player:14.0.0.179:::::::*
cpe:2.3:a:adobe:flash_player:15.0.0.152:::::::*
cpe:2.3:a:adobe:flash_player:15.0.0.167:::::::*
cpe:2.3:a:adobe:flash_player:15.0.0.189:::::::*
cpe:2.3:a:adobe:flash_player:15.0.0.223:::::::*
cpe:2.3:a:adobe:flash_player:15.0.0.239:::::::*
cpe:2.3:a:adobe:flash_player:15.0.0.246:::::::*
cpe:2.3:a:adobe:flash_player:16.0.0.235:::::::*
cpe:2.3:a:adobe:flash_player:16.0.0.257:::::::*
cpe:2.3:a:adobe:flash_player:16.0.0.287:::::::*
cpe:2.3:a:adobe:flash_player:16.0.0.296:::::::*
cpe:2.3:a:adobe:flash_player:17.0.0.134:::::::*
execution environment
1	cpe:2.3:o:apple:mac_os_x:-:::::::*
2	cpe:2.3:o:microsoft:windows:-:::::::*