CVE-2015-5119

Published: Jul 8, 2015Modified: Apr 21, 2026CISA KEV

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.

Affected (20)

Products: Adobe: Flash Player · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Server From Rhui, Enterprise Linux Workstation · Opensuse: Evergreen, Opensuse · +1 more

Show all products

Adobe: Flash Player · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Server From Rhui, Enterprise Linux Workstation · Opensuse: Evergreen, Opensuse · Suse: Linux Enterprise Desktop, Linux Enterprise Workstation Extension

Adobe

1 product

Flash Player

Redhat

6 products

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Server From Rhui

Enterprise Linux Workstation

2 products

2 products

Linux Enterprise Desktop

Linux Enterprise Workstation Extension

Configuration A

2 vulnerable · 2 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	From 13.0.0.182 to 13.0.0296
Adobe Flash Player	From 14.0.0.125 to 18.0.0.194

Running on/with	Platform Versions
Apple Mac Os X	All versions
Microsoft Windows	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Adobe Flash Player	Up to 11.2.202.468

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Configuration C

10 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 5.0
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Eus	Version 6.6
Redhat Enterprise Linux Server	Version 5.0
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server Aus	Version 6.6
Redhat Enterprise Linux Server From Rhui	Version 5.0
Redhat Enterprise Linux Server From Rhui	Version 6.0
Redhat Enterprise Linux Workstation	Version 5.0
Redhat Enterprise Linux Workstation	Version 6.0

Configuration D

7 vulnerable

Vulnerable Software	Affected Versions
Opensuse Evergreen	Version 11.4
Opensuse Opensuse	Version 13.1
Opensuse Opensuse	Version 13.2
Suse Linux Enterprise Desktop	Version 11 sp3
Suse Linux Enterprise Desktop	Version 11 sp4
Suse Linux Enterprise Desktop	Version 12
Suse Linux Enterprise Workstation Extension	Version 12

Related CWEs

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

References (34)

http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/

Source: psirt@adobe.com

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00015.html

Source: psirt@adobe.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00016.html

Source: psirt@adobe.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html

Source: psirt@adobe.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html

Source: psirt@adobe.com

Mailing ListThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1214.html

Source: psirt@adobe.com

Third Party Advisory

http://twitter.com/w3bd3vil/statuses/618168863708962816

Source: psirt@adobe.com

Broken Link

http://www.kb.cert.org/vuls/id/561288

Source: psirt@adobe.com

Third Party AdvisoryUS Government Resource

http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_hacking_team_uaf

Source: psirt@adobe.com

Third Party Advisory

http://www.securityfocus.com/bid/75568

Source: psirt@adobe.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1032809

Source: psirt@adobe.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.us-cert.gov/ncas/alerts/TA15-195A

Source: psirt@adobe.com

Third Party AdvisoryUS Government Resource

https://helpx.adobe.com/security/products/flash-player/apsa15-03.html

Source: psirt@adobe.com

Broken LinkPatchVendor Advisory

https://helpx.adobe.com/security/products/flash-player/apsb15-16.html

Source: psirt@adobe.com

Broken LinkPatchVendor Advisory

https://packetstormsecurity.com/files/132600/Adobe-Flash-Player-ByteArray-Use-After-Free.html

Source: psirt@adobe.com

ExploitThird Party AdvisoryVDB Entry

https://security.gentoo.org/glsa/201507-13

Source: psirt@adobe.com

Third Party Advisory

http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/