ID CVE-2015-5122
Summary Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.
References
Vulnerable Configurations
  • Adobe Flash Player 13.0.0.182
    cpe:2.3:a:adobe:flash_player:13.0.0.182
  • Adobe Flash Player 13.0.0.201
    cpe:2.3:a:adobe:flash_player:13.0.0.201
  • Adobe Flash Player 13.0.0.206
    cpe:2.3:a:adobe:flash_player:13.0.0.206
  • Adobe Flash Player 13.0.0.214
    cpe:2.3:a:adobe:flash_player:13.0.0.214
  • Adobe Flash Player 13.0.0.223
    cpe:2.3:a:adobe:flash_player:13.0.0.223
  • Adobe Flash Player 13.0.0.231
    cpe:2.3:a:adobe:flash_player:13.0.0.231
  • cpe:2.3:a:adobe:flash_player:13.0.0.241
    cpe:2.3:a:adobe:flash_player:13.0.0.241
  • cpe:2.3:a:adobe:flash_player:13.0.0.244
    cpe:2.3:a:adobe:flash_player:13.0.0.244
  • Adobe Flash Player 13.0.0.250
    cpe:2.3:a:adobe:flash_player:13.0.0.250
  • cpe:2.3:a:adobe:flash_player:13.0.0.257
    cpe:2.3:a:adobe:flash_player:13.0.0.257
  • Adobe Flash Player 13.0.0.258
    cpe:2.3:a:adobe:flash_player:13.0.0.258
  • cpe:2.3:a:adobe:flash_player:13.0.0.259
    cpe:2.3:a:adobe:flash_player:13.0.0.259
  • Adobe Flash Player 13.0.0.260
    cpe:2.3:a:adobe:flash_player:13.0.0.260
  • Adobe Flash Player 13.0.0.262
    cpe:2.3:a:adobe:flash_player:13.0.0.262
  • Adobe Flash Player 13.0.0.264
    cpe:2.3:a:adobe:flash_player:13.0.0.264
  • Adobe Flash Player 13.0.0.289
    cpe:2.3:a:adobe:flash_player:13.0.0.289
  • Adobe Flash Player 13.0.0.292
    cpe:2.3:a:adobe:flash_player:13.0.0.292
  • cpe:2.3:a:adobe:flash_player:13.0.0.302
    cpe:2.3:a:adobe:flash_player:13.0.0.302
  • Adobe Flash Player 14.0.0.125
    cpe:2.3:a:adobe:flash_player:14.0.0.125
  • Adobe Flash Player 14.0.0.145
    cpe:2.3:a:adobe:flash_player:14.0.0.145
  • cpe:2.3:a:adobe:flash_player:14.0.0.176
    cpe:2.3:a:adobe:flash_player:14.0.0.176
  • cpe:2.3:a:adobe:flash_player:14.0.0.179
    cpe:2.3:a:adobe:flash_player:14.0.0.179
  • cpe:2.3:a:adobe:flash_player:15.0.0.152
    cpe:2.3:a:adobe:flash_player:15.0.0.152
  • cpe:2.3:a:adobe:flash_player:15.0.0.167
    cpe:2.3:a:adobe:flash_player:15.0.0.167
  • Adobe Flash Player 15.0.0.189
    cpe:2.3:a:adobe:flash_player:15.0.0.189
  • cpe:2.3:a:adobe:flash_player:15.0.0.223
    cpe:2.3:a:adobe:flash_player:15.0.0.223
  • Adobe Flash Player 15.0.0.239
    cpe:2.3:a:adobe:flash_player:15.0.0.239
  • cpe:2.3:a:adobe:flash_player:15.0.0.246
    cpe:2.3:a:adobe:flash_player:15.0.0.246
  • cpe:2.3:a:adobe:flash_player:16.0.0.235
    cpe:2.3:a:adobe:flash_player:16.0.0.235
  • Adobe Flash Player 16.0.0.257
    cpe:2.3:a:adobe:flash_player:16.0.0.257
  • Adobe Flash Player 16.0.0.287
    cpe:2.3:a:adobe:flash_player:16.0.0.287
  • Adobe Flash Player 16.0.0.296
    cpe:2.3:a:adobe:flash_player:16.0.0.296
  • Adobe Flash Player 17.0.0.134
    cpe:2.3:a:adobe:flash_player:17.0.0.134
  • Adobe Flash Player 17.0.0.169
    cpe:2.3:a:adobe:flash_player:17.0.0.169
  • Adobe Flash Player 17.0.0.188
    cpe:2.3:a:adobe:flash_player:17.0.0.188
  • cpe:2.3:a:adobe:flash_player:17.0.0.190
    cpe:2.3:a:adobe:flash_player:17.0.0.190
  • cpe:2.3:a:adobe:flash_player:18.0.0.160
    cpe:2.3:a:adobe:flash_player:18.0.0.160
  • Adobe Flash Player 18.0.0.194
    cpe:2.3:a:adobe:flash_player:18.0.0.194
  • cpe:2.3:a:adobe:flash_player:18.0.0.203
    cpe:2.3:a:adobe:flash_player:18.0.0.203
  • Apple Mac OS X
    cpe:2.3:o:apple:mac_os_x
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
  • Adobe Flash Player 11.0.1.153
    cpe:2.3:a:adobe:flash_player:11.0.1.153
  • Adobe Flash Player 11.1
    cpe:2.3:a:adobe:flash_player:11.1
  • Adobe Flash Player 11.1.102.59
    cpe:2.3:a:adobe:flash_player:11.1.102.59
  • Adobe Flash Player 11.1.102.62
    cpe:2.3:a:adobe:flash_player:11.1.102.62
  • Adobe Flash Player 11.1.102.63
    cpe:2.3:a:adobe:flash_player:11.1.102.63
  • Adobe Flash Player 11.1.111.8
    cpe:2.3:a:adobe:flash_player:11.1.111.8
  • Adobe Flash Player 11.1.111.44
    cpe:2.3:a:adobe:flash_player:11.1.111.44
  • Adobe Flash Player 11.1.111.50
    cpe:2.3:a:adobe:flash_player:11.1.111.50
  • Adobe Flash Player 11.1.111.54
    cpe:2.3:a:adobe:flash_player:11.1.111.54
  • Adobe Flash Player 11.1.111.64
    cpe:2.3:a:adobe:flash_player:11.1.111.64
  • Adobe Flash Player 11.1.111.73
    cpe:2.3:a:adobe:flash_player:11.1.111.73
  • Adobe Flash Player 11.1.115.7
    cpe:2.3:a:adobe:flash_player:11.1.115.7
  • Adobe Flash Player 11.1.115.34
    cpe:2.3:a:adobe:flash_player:11.1.115.34
  • Adobe Flash Player 11.1.115.48
    cpe:2.3:a:adobe:flash_player:11.1.115.48
  • Adobe Flash Player 11.1.115.54
    cpe:2.3:a:adobe:flash_player:11.1.115.54
  • Adobe Flash Player 11.1.115.58
    cpe:2.3:a:adobe:flash_player:11.1.115.58
  • Adobe Flash Player 11.1.115.59
    cpe:2.3:a:adobe:flash_player:11.1.115.59
  • Adobe Flash Player 11.1.115.63
    cpe:2.3:a:adobe:flash_player:11.1.115.63
  • Adobe Flash Player 11.1.115.69
    cpe:2.3:a:adobe:flash_player:11.1.115.69
  • Adobe Flash Player 11.1.115.81
    cpe:2.3:a:adobe:flash_player:11.1.115.81
  • Adobe Flash Player 11.2.202.223
    cpe:2.3:a:adobe:flash_player:11.2.202.223
  • Adobe Flash Player 11.2.202.228
    cpe:2.3:a:adobe:flash_player:11.2.202.228
  • Adobe Flash Player 11.2.202.233
    cpe:2.3:a:adobe:flash_player:11.2.202.233
  • Adobe Flash Player 11.2.202.235
    cpe:2.3:a:adobe:flash_player:11.2.202.235
  • Adobe Flash Player 11.2.202.236
    cpe:2.3:a:adobe:flash_player:11.2.202.236
  • Adobe Flash Player 11.2.202.238
    cpe:2.3:a:adobe:flash_player:11.2.202.238
  • Adobe Flash Player 11.2.202.243
    cpe:2.3:a:adobe:flash_player:11.2.202.243
  • Adobe Flash Player 11.2.202.251
    cpe:2.3:a:adobe:flash_player:11.2.202.251
  • Adobe Flash Player 11.2.202.258
    cpe:2.3:a:adobe:flash_player:11.2.202.258
  • Adobe Flash Player 11.2.202.261
    cpe:2.3:a:adobe:flash_player:11.2.202.261
  • Adobe Flash Player 11.2.202.262
    cpe:2.3:a:adobe:flash_player:11.2.202.262
  • Adobe Flash Player 11.2.202.270
    cpe:2.3:a:adobe:flash_player:11.2.202.270
  • Adobe Flash Player 11.2.202.273
    cpe:2.3:a:adobe:flash_player:11.2.202.273
  • Adobe Flash Player 11.2.202.275
    cpe:2.3:a:adobe:flash_player:11.2.202.275
  • Adobe Flash Player 11.2.202.280
    cpe:2.3:a:adobe:flash_player:11.2.202.280
  • Adobe Flash Player 11.2.202.285
    cpe:2.3:a:adobe:flash_player:11.2.202.285
  • Adobe Flash Player 11.2.202.291
    cpe:2.3:a:adobe:flash_player:11.2.202.291
  • Adobe Flash Player 11.2.202.297
    cpe:2.3:a:adobe:flash_player:11.2.202.297
  • Adobe Flash Player 11.2.202.310
    cpe:2.3:a:adobe:flash_player:11.2.202.310
  • Adobe Flash Player 11.2.202.327
    cpe:2.3:a:adobe:flash_player:11.2.202.327
  • Adobe Flash Player 11.2.202.332
    cpe:2.3:a:adobe:flash_player:11.2.202.332
  • Adobe Flash Player 11.2.202.335
    cpe:2.3:a:adobe:flash_player:11.2.202.335
  • Adobe Flash Player 11.2.202.336
    cpe:2.3:a:adobe:flash_player:11.2.202.336
  • Adobe Flash Player 11.2.202.341
    cpe:2.3:a:adobe:flash_player:11.2.202.341
  • Adobe Flash Player 11.2.202.346
    cpe:2.3:a:adobe:flash_player:11.2.202.346
  • Adobe Flash Player 11.2.202.350
    cpe:2.3:a:adobe:flash_player:11.2.202.350
  • Adobe Flash Player 11.2.202.356
    cpe:2.3:a:adobe:flash_player:11.2.202.356
  • Adobe Flash Player 11.2.202.359
    cpe:2.3:a:adobe:flash_player:11.2.202.359
  • Adobe Flash Player 11.2.202.378
    cpe:2.3:a:adobe:flash_player:11.2.202.378
  • Adobe Flash Player 11.2.202.394
    cpe:2.3:a:adobe:flash_player:11.2.202.394
  • Adobe Flash Player 11.2.202.411
    cpe:2.3:a:adobe:flash_player:11.2.202.411
  • Adobe Flash Player 11.2.202.424
    cpe:2.3:a:adobe:flash_player:11.2.202.424
  • Adobe Flash Player 11.2.202.425
    cpe:2.3:a:adobe:flash_player:11.2.202.425
  • Adobe Flash Player 11.2.202.429
    cpe:2.3:a:adobe:flash_player:11.2.202.429
  • Adobe Flash Player 11.2.202.438
    cpe:2.3:a:adobe:flash_player:11.2.202.438
  • Adobe Flash Player 11.2.202.440
    cpe:2.3:a:adobe:flash_player:11.2.202.440
  • Adobe Flash Player 11.2.202.442
    cpe:2.3:a:adobe:flash_player:11.2.202.442
  • Adobe Flash Player 11.2.202.451
    cpe:2.3:a:adobe:flash_player:11.2.202.451
  • Adobe Flash Player 11.2.202.468
    cpe:2.3:a:adobe:flash_player:11.2.202.468
  • cpe:2.3:a:adobe:flash_player:18.0.0.204
    cpe:2.3:a:adobe:flash_player:18.0.0.204
  • Linux Kernel
    cpe:2.3:o:linux:linux_kernel
CVSS
Base: 10.0 (as of 28-12-2016 - 09:36)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
exploit-db via4
description Adobe Flash opaqueBackground Use After Free. CVE-2015-5122. Remote exploit for windows platform
file exploits/windows/remote/37599.rb
id EDB-ID:37599
last seen 2016-02-04
modified 2015-07-13
platform windows
port
published 2015-07-13
reporter metasploit
source https://www.exploit-db.com/download/37599/
title Adobe Flash opaqueBackground Use After Free
type remote
metasploit via4
description This module exploits a use after free on Adobe Flash Player. The vulnerability, discovered by Hacking Team and made public as part of the July 2015 data leak, was described as a Use After Free while handling the opaqueBackground property 7 setter of the flash.display.DisplayObject class. This module is an early release tested on: Windows XP SP3, IE8 and Flash 18.0.0.194, Windows XP SP3, IE 8 and Flash 18.0.0.203, Windows XP SP3, Firefox and Flash 18.0.0.203, Windows Vista SP2 + IE 9 and Flash 18.0.0.203, Windows Vista SP2 + Firefox 39.0 and Flash 18.0.0.203, Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.203, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.194, Windows 7 SP1 (32-bit), IE9 and Adobe Flash 18.0.0.203, Windows 7 SP1 (32-bit), Firefox and Adobe Flash 18.0.0.194, Windows 8.1 (32-bit), IE11 and Adobe Flash 18.0.0.194, Windows 8.1 (32-bit), Firefox and Adobe Flash 18.0.0.203, Windows 8.1 (32-bit), Firefox and Adobe Flash 18.0.0.160 and Windows 8.1 (32-bit), Firefox and Adobe Flash 18.0.0.194
id MSF:EXPLOIT/MULTI/BROWSER/ADOBE_FLASH_OPAQUE_BACKGROUND_UAF
last seen 2019-03-24
modified 2017-08-29
published 2015-07-11
reliability Great
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/browser/adobe_flash_opaque_background_uaf.rb
title Adobe Flash opaqueBackground Use After Free
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_GOOGLE_CHROME_43_0_2357_134.NASL
    description The version of Google Chrome installed on the remote Mac OS X host is prior to 43.0.2357.134. It is, therefore, affected by multiple remote code execution vulnerabilities in the bundled version of Adobe Flash : - A use-after-free error exists in the opaqueBackground class in the ActionScript 3 (AS3) implementation. A remote attacker, via specially crafted Flash content, can dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-5122) - A use-after-free error exists in the BitmapData class in the ActionScript 3 (AS3) implementation. A remote attacker, via specially crafted Flash content, can dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-5123)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 84733
    published 2015-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84733
    title Google Chrome < 43.0.2357.134 RCE Multiple Vulnerabilities (Mac OS X)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-496.NASL
    description Adobe Flash Player was updated to 11.2.202.491 to fix two security issues. The following vulnerabilities were fixed : - CVE-2015-5122: Specially crafted Flash content allowed attackers to execute arbitrary code via a use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation. - CVE-2015-5123: Specially crafted Flash content allowed attackers to execute arbitrary code via a use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation.
    last seen 2019-02-21
    modified 2015-08-16
    plugin id 84865
    published 2015-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84865
    title openSUSE Security Update : Adobe Flash Player (openSUSE-2015-496)
  • NASL family Windows
    NASL id SMB_KB3079777.NASL
    description The remote Windows host is missing KB3079777. It is, therefore, affected by multiple remote code execution vulnerabilities : - A use-after-free error exists in the opaqueBackground class in the ActionScript 3 (AS3) implementation. A remote attacker, via specially crafted Flash content, can dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-5122) - A use-after-free error exists in the BitmapData class in the ActionScript 3 (AS3) implementation. A remote attacker, via specially crafted Flash content, can dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-5123)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 84809
    published 2015-07-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84809
    title MS KB3079777: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1235.NASL
    description An updated Adobe Flash Player package that fixes two security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes two vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-18 listed in the References section. Two flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2015-5122, CVE-2015-5123) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.491.
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 84820
    published 2015-07-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84820
    title RHEL 5 / 6 : flash-plugin (RHSA-2015:1235)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_FLASH_PLAYER_APSB15-18.NASL
    description The version of Adobe Flash Player installed on the remote Mac OS X host is equal or prior to version 18.0.0.203. It is, therefore, affected by multiple remote code execution vulnerabilities : - A use-after-free error exists in the opaqueBackground class in the ActionScript 3 (AS3) implementation. A remote attacker, via specially crafted Flash content, can dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-5122) - A use-after-free error exists in the BitmapData class in the ActionScript 3 (AS3) implementation. A remote attacker, via specially crafted Flash content, can dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-5123)
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 84732
    published 2015-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84732
    title Adobe Flash Player <= 18.0.0.203 Multiple RCE Vulnerabilities (APSB15-18) (Mac OS X)
  • NASL family Windows
    NASL id GOOGLE_CHROME_43_0_2357_134.NASL
    description The version of Google Chrome installed on the remote Windows host is prior to 43.0.2357.134. It is, therefore, affected by multiple remote code execution vulnerabilities in the bundled version of Adobe Flash : - A use-after-free error exists in the opaqueBackground class in the ActionScript 3 (AS3) implementation. A remote attacker, via specially crafted Flash content, can dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-5122) - A use-after-free error exists in the BitmapData class in the ActionScript 3 (AS3) implementation. A remote attacker, via specially crafted Flash content, can dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-5123)
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 84731
    published 2015-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84731
    title Google Chrome < 43.0.2357.134 Multiple RCE Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1255-1.NASL
    description flash-player was updated to fix two security issues. These security issues were fixed : - CVE-2015-5123: Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function (bsc#937752). - CVE-2015-5122: Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property (bsc#937752). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 84875
    published 2015-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84875
    title SUSE SLED12 Security Update : flash-player (SUSE-SU-2015:1255-1)
  • NASL family Windows
    NASL id FLASH_PLAYER_APSB15-18.NASL
    description The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 18.0.0.203. It is, therefore, affected by multiple remote code execution vulnerabilities : - A use-after-free error exists in the opaqueBackground class in the ActionScript 3 (AS3) implementation. A remote attacker, via specially crafted Flash content, can dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-5122) - A use-after-free error exists in the BitmapData class in the ActionScript 3 (AS3) implementation. A remote attacker, via specially crafted Flash content, can dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2015-5123)
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 84730
    published 2015-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84730
    title Adobe Flash Player <= 18.0.0.203 Multiple RCE Vulnerabilities (APSB15-18)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201508-01.NASL
    description The remote host is affected by the vulnerability described in GLSA-201508-01 (Adobe Flash Player: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2016-09-23
    plugin id 86089
    published 2015-09-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86089
    title GLSA-201508-01 : Adobe Flash Player: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1258-1.NASL
    description flash-player was updated to fix two security issues. These security issues were fixed : - CVE-2015-5123: Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function (bsc#937752). - CVE-2015-5122: Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property (bsc#937752). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 84876
    published 2015-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84876
    title SUSE SLED11 Security Update : flash-player (SUSE-SU-2015:1258-1)
packetstorm via4
data source https://packetstormsecurity.com/files/download/132663/adobe_flash_opaque_background_uaf.rb.txt
id PACKETSTORM:132663
last seen 2016-12-05
published 2015-07-13
reporter sinn3r
source https://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html
title Adobe Flash opaqueBackground Use After Free
redhat via4
advisories
rhsa
id RHSA-2015:1235
refmap via4
bid 75712
cert TA15-195A
cert-vn VU#338736
confirm
exploit-db 37599
gentoo GLSA-201508-01
hp
  • HPSBHF03509
  • HPSBMU03409
  • SSRT102253
misc
sectrack 1032890
suse
  • SUSE-SU-2015:1255
  • SUSE-SU-2015:1258
  • openSUSE-SU-2015:1267
the hacker news via4
Last major update 27-12-2016 - 21:59
Published 14-07-2015 - 06:59
Last modified 23-11-2018 - 00:29