CVE-2015-0313
CVE-2015-0313
In short
A use-after-free bug in Adobe Flash Player allows attackers to run malicious code on your computer by tricking you into viewing a specially crafted Flash file. This vulnerability was actively exploited by criminals in early 2015.
Technical detail
Use-after-free vulnerability in Adobe Flash Player (versions before 13.0.0.269, 14.x-16.x before 16.0.0.305 on Windows/OS X, and before 11.2.202.442 on Linux) exploitable via crafted Flash content. Remote code execution achieved through memory corruption when freed objects are accessed after deallocation. Active wild exploitation documented in February 2015.
Summary generated and translated by AI from the official description.
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 5
githubgithub.com/SecurityObscurity/cve-2015-0313★ 21cve_referencepacketstormsecurity.com/files/131189/Adobe-Flash-Player-ByteArray-With-Workers-Use-After-Free.htmlunverifiedexploitdbwww.exploit-db.com/exploits/36491unverifiedexploitdbwww.exploit-db.com/exploits/36579unverifiedcve_referencewww.exploit-db.com/exploits/36579/unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.htmlhttp://packetstormsecurity.com/files/131189/Adobe-Flash-Player-ByteArray-With-Workers-Use-After-Free.htmlhttp://secunia.com/advisories/62528http://secunia.com/advisories/62777http://secunia.com/advisories/62895https://exchange.xforce.ibmcloud.com/vulnerabilities/100641https://github.com/cisagov/vulnrichment/issues/196https://helpx.adobe.com/security/products/flash-player/apsa15-02.htmlhttps://helpx.adobe.com/security/products/flash-player/apsb15-04.html