Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
Published 2015-07-08 14:59:06
Updated 2017-01-20 02:59:03
View at NVD,   CVE.org
Vulnerability category: OverflowMemory CorruptionExecute codeDenial of service

CVE-2015-5119 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:
Adobe Flash Player Use-After-Free Vulnerability
CISA required action:
The impacted product is end-of-life and should be disconnected if still in use.
CISA description:
A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution.
Added on 2022-03-03 Action due date 2022-03-24

Exploit prediction scoring system (EPSS) score for CVE-2015-5119

97.44%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2015-5119

  • Adobe Flash Player ByteArray Use After Free
    Disclosure Date: 2015-07-06
    First seen: 2020-04-26
    exploit/multi/browser/adobe_flash_hacking_team_uaf
    This module exploits an use after free on Adobe Flash Player. The vulnerability, discovered by Hacking Team and made public as part of the July 2015 data leak, was described as an Use After Free while handling ByteArray objects. This module has been tested successful

CVSS scores for CVE-2015-5119

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
10.0
HIGH AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
NIST

CWE ids for CVE-2015-5119

References for CVE-2015-5119

Products affected by CVE-2015-5119

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!