CVE-2015-5119
CVE-2015-5119
In short
A flaw in Adobe Flash Player allows attackers to run malicious code or crash your computer by sending specially crafted Flash content that tricks the program into using memory that was already freed. This vulnerability was actively exploited by hackers in July 2015.
Technical detail
Use-after-free vulnerability in ByteArray class of AS3 implementation affects Flash Player 13.x–18.0.0.194 (Windows/OS X) and 11.x–11.2.202.468 (Linux). Attack vector is remote via crafted Flash content that overrides valueOf function, resulting in arbitrary code execution or denial of service through memory corruption. Actively exploited in-the-wild as of July 2015.
Summary generated and translated by AI from the official description.
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 5
githubgithub.com/CiscoCXSecurity/CVE-2015-5119_walkthrough★ 12githubgithub.com/jvazquez-r7/CVE-2015-5119★ 11githubgithub.com/dangokyo/CVE-2015-5119★ 3cve_referencepacketstormsecurity.com/files/132600/Adobe-Flash-Player-ByteArray-Use-After-Free.htmlunverifiedexploitdbwww.exploit-db.com/exploits/37523unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00015.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00016.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1214.htmlhttps://github.com/cisagov/vulnrichment/issues/196https://helpx.adobe.com/security/products/flash-player/apsa15-03.htmlhttps://helpx.adobe.com/security/products/flash-player/apsb15-16.htmlhttps://packetstormsecurity.com/files/132600/Adobe-Flash-Player-ByteArray-Use-After-Free.htmlhttps://security.gentoo.org/glsa/201507-13https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-5119