Vulnerability Details : CVE-2015-5119
Public exploit exists!
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
Vulnerability category: Memory CorruptionExecute codeDenial of service
Products affected by CVE-2015-5119
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:-:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:-:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*
CVE-2015-5119 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
Adobe Flash Player Use-After-Free Vulnerability
CISA required action:
The impacted product is end-of-life and should be disconnected if still in use.
CISA description:
A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2015-5119
Added on
2022-03-03
Action due date
2022-03-24
Exploit prediction scoring system (EPSS) score for CVE-2015-5119
93.23%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2015-5119
-
Adobe Flash Player ByteArray Use After Free
Disclosure Date: 2015-07-06First seen: 2020-04-26exploit/multi/browser/adobe_flash_hacking_team_uafThis module exploits an use after free on Adobe Flash Player. The vulnerability, discovered by Hacking Team and made public as part of the July 2015 data leak, was described as an Use After Free while handling ByteArray objects. This module has been tested successful
CVSS scores for CVE-2015-5119
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2025-02-04 |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | 2024-07-16 |
CWE ids for CVE-2015-5119
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
-
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.Assigned by:
- 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2015-5119
-
http://twitter.com/w3bd3vil/statuses/618168863708962816
Twitter / ?Broken Link
-
https://helpx.adobe.com/security/products/flash-player/apsb15-16.html
Adobe Security BulletinBroken Link;Patch;Vendor Advisory
-
http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/
Unpatched Flash Player Flaw, More POCs Found in Hacking Team Leak - TrendLabs Security Intelligence BlogBroken Link
-
https://packetstormsecurity.com/files/132600/Adobe-Flash-Player-ByteArray-Use-After-Free.html
Adobe Flash Player ByteArray Use After Free ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00015.html
[security-announce] openSUSE-SU-2015:1207-1: critical: Security update fMailing List;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html
[security-announce] SUSE-SU-2015:1214-1: critical: Security update for fMailing List;Third Party Advisory
-
http://www.us-cert.gov/ncas/alerts/TA15-195A
Adobe Flash and Microsoft Windows Vulnerabilities | CISAThird Party Advisory;US Government Resource
-
https://helpx.adobe.com/security/products/flash-player/apsa15-03.html
Adobe Security BulletinBroken Link;Patch;Vendor Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00016.html
[security-announce] openSUSE-SU-2015:1210-1: critical: Security update fMailing List;Third Party Advisory
-
http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_hacking_team_uaf
Adobe Flash Player ByteArray Use After FreeThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html
[security-announce] SUSE-SU-2015:1211-1: critical: Security update for fMailing List;Third Party Advisory
-
https://security.gentoo.org/glsa/201507-13
Adobe Flash Player: Multiple vulnerabilities (GLSA 201507-13) — Gentoo securityThird Party Advisory
-
http://www.securitytracker.com/id/1032809
Adobe Flash Player Use-After-Free Memory Flaw Lets Remote Users Execute Arbitrary Code - SecurityTrackerBroken Link;Third Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/75568
Adobe Flash Player ActionScript 3 ByteArray Use After Free Remote Memory Corruption VulnerabilityBroken Link;Third Party Advisory;VDB Entry
-
http://www.kb.cert.org/vuls/id/561288
VU#561288 - Adobe Flash ActionScript 3 ByteArray use-after-free vulnerabilityThird Party Advisory;US Government Resource
-
http://rhn.redhat.com/errata/RHSA-2015-1214.html
RHSA-2015:1214 - Security Advisory - Red Hat Customer PortalThird Party Advisory
Jump to