CVE-2015-5119 — Vulnetix

Try Vulnetix Request Demo

CVE-2015-5119 PUBLISHED KEV

Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.

EPSS 93.21% · 99.8th percentile

Risk Scores

EPSS Score

93.21%

99.8th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:14.04:LTS	flashplugin-nonfree	0, 11.2.202.310ubuntu1, 11.2.202.327ubuntu0.13.10.1

Timeline

Jan 19, 1970 VulnCheck XDB Entry
Jul 5, 2015 VulnCheck KEV Exploitation
Jul 8, 2015 PoC Published
Jul 8, 2015 PoC Published
Jul 8, 2015 PoC Published
Jul 8, 2015 CVE Published
Jul 9, 2015 PoC Published
Jul 13, 2015 PoC Published
Jul 21, 2015 VulnCheck KEV Exploitation
Jul 24, 2015 PoC Published
Aug 10, 2015 VulnCheck KEV Exploitation
Aug 11, 2015 PoC Published

References

https://ubuntu.com/security/CVE-2015-5119 third-party-advisory
http://www.kb.cert.org/vuls/id/561288 third-party-advisory
https://helpx.adobe.com/security/products/flash-player/apsa15-03.html third-party-advisory
https://packetstormsecurity.com/files/132600/Adobe-Flash-Player-ByteArray-Use-After-Free.html third-party-advisory
http://twitter.com/w3bd3vil/statuses/618168863708962816 third-party-advisory
http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/ third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2015-5119 third-party-advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog third-party-advisory

Open in Interactive Console →