ID CVE-2015-5123
Summary Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
References
Vulnerable Configurations
  • cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.0.1.152:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.0.1.152:*:*:*:*:*:x64:*
  • cpe:2.3:a:adobe:flash_player:11.0.1.153:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.1.102.55:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.1.102.55:*:*:*:*:*:x64:*
  • cpe:2.3:a:adobe:flash_player:11.1.102.59:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.1.102.62:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.1.102.63:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.1.111.8:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.1.111.13:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.1.111.44:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.1.111.50:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.1.111.54:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.1.111.64:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.1.111.73:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.1.115.7:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.1.115.34:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.1.115.48:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.1.115.54:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.1.115.58:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.1.115.59:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.1.115.63:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.1.115.69:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.1.115.81:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.223:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.228:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.233:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.235:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.236:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.238:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.243:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.251:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.258:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.261:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.262:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.270:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.273:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.275:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.280:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.285:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.291:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.297:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.310:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.327:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.332:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.335:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.336:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.341:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.346:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.350:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.356:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.359:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.378:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.394:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.400:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.406:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.411:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.418:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.424:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.425:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.429:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.438:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.440:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.442:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.451:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.457:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.460:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.466:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.468:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.475:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:11.2.202.481:*:*:*:*:*:*:*
  • cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player:13.0:*:*:*:esr:*:*:*
  • cpe:2.3:a:adobe:flash_player:13.0.0.302:*:*:*:esr:*:*:*
  • cpe:2.3:a:adobe:flash_player:*:*:*:*:chrome:*:*:*
  • cpe:2.3:a:adobe:flash_player_desktop_runtime:18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:adobe:flash_player_desktop_runtime:18.0.0.203:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os:-:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 09-10-2019 - 23:14)
Impact:
Exploitability:
CWE CWE-416
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
redhat via4
advisories
rhsa
id RHSA-2015:1235
refmap via4
bid 75710
cert TA15-195A
cert-vn VU#918568
confirm
gentoo GLSA-201508-01
hp
  • HPSBHF03509
  • HPSBMU03409
  • SSRT102253
misc http://blog.trendmicro.com/trendlabs-security-intelligence/new-zero-day-vulnerability-cve-2015-5123-in-adobe-flash-emerges-from-hacking-team-leak/
sectrack 1032890
suse
  • SUSE-SU-2015:1255
  • SUSE-SU-2015:1258
  • openSUSE-SU-2015:1267
Last major update 09-10-2019 - 23:14
Published 14-07-2015 - 10:59