CVE-2015-5119 : Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3)

Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.

Published 2015-07-08 14:59:06

Updated 2025-04-21 15:09:01

Source Adobe Systems Incorporated

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute codeDenial of service

Products affected by CVE-2015-5119

Redhat » Enterprise Linux Desktop » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Desktop » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Eus » Version: 6.6
cpe:2.3:o:redhat:enterprise_linux_eus:6.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Workstation » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server Aus » Version: 6.6
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server From Rhui » Version: 6.0
cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:6.0:*:*:*:*:*:*:*
Matching versions
Redhat » Enterprise Linux Server From Rhui » Version: 5.0
cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:5.0:*:*:*:*:*:*:*
Matching versions
Adobe » Flash Player
Versions from including (>=) 13.0.0.182 and up to, including, (<=) 13.0.0296
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Adobe » Flash Player
Versions up to, including, (<=) 11.2.202.468
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A
Adobe » Flash Player
Versions from including (>=) 14.0.0.125 and up to, including, (<=) 18.0.0.194
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Suse » Linux Enterprise Desktop » Version: 11 Update SP3
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Desktop » Version: 12
cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Desktop » Version: 11 Update SP4
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*
Matching versions
Suse » Linux Enterprise Workstation Extension » Version: 12
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 13.2
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 13.1
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Matching versions
Opensuse » Evergreen » Version: 11.4
cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*
Matching versions

CVE-2015-5119 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:

Adobe Flash Player Use-After-Free Vulnerability

CISA required action:

The impacted product is end-of-life and should be disconnected if still in use.

CISA description:

A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution.

Notes:

https://nvd.nist.gov/vuln/detail/CVE-2015-5119

Added on 2022-03-03 Action due date 2022-03-24

Exploit prediction scoring system (EPSS) score for CVE-2015-5119

EPSS FAQ

93.23%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 100 %

Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2015-5119

Adobe Flash Player ByteArray Use After Free

Disclosure Date: 2015-07-06

First seen: 2020-04-26

exploit/multi/browser/adobe_flash_hacking_team_uaf

This module exploits an use after free on Adobe Flash Player. The vulnerability, discovered by Hacking Team and made public as part of the July 2015 data leak, was described as an Use After Free while handling ByteArray objects. This module has been tested successful

More information

CVSS scores for CVE-2015-5119

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C	10.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	134c704f-9b21-4f2e-91b3-4a467353bcc0	2025-02-04
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST	2024-07-16
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2015-5119

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)

References for CVE-2015-5119

http://twitter.com/w3bd3vil/statuses/618168863708962816

Twitter / ?
Broken Link
https://helpx.adobe.com/security/products/flash-player/apsb15-16.html

Adobe Security Bulletin
Broken Link;Patch;Vendor Advisory

CVEs referencing this url
http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/

Unpatched Flash Player Flaw, More POCs Found in Hacking Team Leak - TrendLabs Security Intelligence Blog
Broken Link
https://packetstormsecurity.com/files/132600/Adobe-Flash-Player-ByteArray-Use-After-Free.html

Adobe Flash Player ByteArray Use After Free ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00015.html

[security-announce] openSUSE-SU-2015:1207-1: critical: Security update f
Mailing List;Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html

[security-announce] SUSE-SU-2015:1214-1: critical: Security update for f
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.us-cert.gov/ncas/alerts/TA15-195A

Adobe Flash and Microsoft Windows Vulnerabilities | CISA
Third Party Advisory;US Government Resource

CVEs referencing this url
https://helpx.adobe.com/security/products/flash-player/apsa15-03.html

Adobe Security Bulletin
Broken Link;Patch;Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00016.html

[security-announce] openSUSE-SU-2015:1210-1: critical: Security update f
Mailing List;Third Party Advisory
http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_hacking_team_uaf

Adobe Flash Player ByteArray Use After Free
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html

[security-announce] SUSE-SU-2015:1211-1: critical: Security update for f
Mailing List;Third Party Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/201507-13

Adobe Flash Player: Multiple vulnerabilities (GLSA 201507-13) — Gentoo security
Third Party Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1032809

Adobe Flash Player Use-After-Free Memory Flaw Lets Remote Users Execute Arbitrary Code - SecurityTracker
Broken Link;Third Party Advisory;VDB Entry
http://www.securityfocus.com/bid/75568

Adobe Flash Player ActionScript 3 ByteArray Use After Free Remote Memory Corruption Vulnerability
Broken Link;Third Party Advisory;VDB Entry
http://www.kb.cert.org/vuls/id/561288

VU#561288 - Adobe Flash ActionScript 3 ByteArray use-after-free vulnerability
Third Party Advisory;US Government Resource
http://rhn.redhat.com/errata/RHSA-2015-1214.html

RHSA-2015:1214 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2015-5119