CVE

CVE-2015-5119

Date: (C)2015-07-08   (M)2023-12-22


Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 10.0
Exploit Score: 10.0
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
SECTRACK-1032809
BID-75568
GLSA-201507-13
RHSA-2015:1214
SUSE-SU-2015:1211
SUSE-SU-2015:1214
TA15-195A
VU#561288
http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/
http://twitter.com/w3bd3vil/statuses/618168863708962816
http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_hacking_team_uaf
https://helpx.adobe.com/security/products/flash-player/apsa15-03.html
https://helpx.adobe.com/security/products/flash-player/apsb15-16.html
https://packetstormsecurity.com/files/132600/Adobe-Flash-Player-ByteArray-Use-After-Free.html
openSUSE-SU-2015:1207
openSUSE-SU-2015:1210

CPE    14
cpe:/a:adobe:flash_player:16.0.0.287
cpe:/a:adobe:flash_player:17.0.0.169
cpe:/a:adobe:flash_player:17.0.0.188
cpe:/a:adobe:flash_player:18.0.0.161
...
CWE    1
CWE-119
OVAL    13
oval:org.secpod.oval:def:25727
oval:org.secpod.oval:def:25728
oval:org.secpod.oval:def:505620
oval:org.secpod.oval:def:25313
...

© SecPod Technologies