CVE-2015-5123

CVSS 7.8 HIGH · EPSS 18.5% · KEV · CWE-416
In short

A use-after-free flaw in Adobe Flash Player's BitmapData class allows attackers to run malicious code or crash your browser by sending specially crafted Flash content that tricks the program into using memory that has already been freed.

Technical detail

Use-after-free vulnerability in BitmapData class (CWE-416) triggered when valueOf function is overridden in crafted Flash content, enabling arbitrary code execution or denial of service through memory corruption. Affects Flash Player 13.x–18.0.x on Windows/OS X and 11.x–18.0.x on Linux; vector is remote via malicious SWF files.

Summary generated and translated by AI from the official description.
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
