CVE-2015-5119
PUBLISHED
KEV
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
Risk Scores
EPSS Score: 93.20% (99.8th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | flashplugin-nonfree | 11.2.202.327ubuntu0.13.10.1, 11.2.202.332ubuntu1, 11.2.202.335ubuntu1 |
Exploit Intelligence
- jvazquez-r7/CVE-2015-5119 (github-poc-repo)
- Archive from the article CVE-2015-5119 Flash ByteArray UaF: A beginner's walkthrough (github-poc-repo)
…and 178 more exploits
Timeline
- Jan 19, 1970 VulnCheck XDB Entry
- Jul 5, 2015 VulnCheck KEV Exploitation
- Jul 8, 2015 PoC Published
- Jul 8, 2015 PoC Published
- Jul 8, 2015 PoC Published
- Jul 8, 2015 CVE Published
- Jul 9, 2015 PoC Published
- Jul 13, 2015 PoC Published
- Jul 21, 2015 VulnCheck KEV Exploitation
- Jul 24, 2015 PoC Published
- Aug 10, 2015 VulnCheck KEV Exploitation
- Aug 11, 2015 PoC Published
References
- https://ubuntu.com/security/CVE-2015-5119 third-party-advisory
- http://www.kb.cert.org/vuls/id/561288 third-party-advisory
- https://helpx.adobe.com/security/products/flash-player/apsa15-03.html third-party-advisory
- https://packetstormsecurity.com/files/132600/Adobe-Flash-Player-ByteArray-Use-After-Free.html third-party-advisory
- http://twitter.com/w3bd3vil/statuses/618168863708962816 third-party-advisory
- http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/ third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2015-5119 third-party-advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog third-party-advisory