Vulnerability Details : CVE-2015-5122
Public exploit exists!
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.
Vulnerability category: Memory Corruption, Execute code, Denial of service
Products affected by CVE-2015-5122
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6:*:*:*:*:*:*:*
- Adobe » Flash Player » ESR Edition: versions >= 13.0 and <= 13.0.0.302 (cpe:2.3:a:adobe:flash_player:*:*:*:*:esr:*:*:*)
- Adobe » Flash Player » For Chrome: versions >= 18.0 and <= 18.0.0.204 (cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*)
- Adobe » Flash Player » For Internet Explorer 11: versions >= 18.0 and <= 18.0.0.203 (cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_11:*:*)
- Adobe » Flash Player » For Internet Explorer 10: versions >= 18.0 and <= 18.0.0.203 (cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_10:*:*)
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- Adobe » Flash Player » For Chrome: versions >= 18.0 and <= 18.0.0.203 (cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*)
- Adobe » Flash Player Desktop Runtime: versions >= 18.0 and <= 18.0.0.203 (cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*)
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*
CVE-2015-5122 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name: Adobe Flash Player Use-After-Free Vulnerability
CISA required action: The impacted product is end-of-life and should be disconnected if still in use.
CISA description: Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).
Notes: https://nvd.nist.gov/vuln/detail/CVE-2015-5122
Added on: 2022-04-13
Action due date: 2022-05-04
Exploit prediction scoring system (EPSS) score for CVE-2015-5122
- 96.96%: probability of exploitation activity in the next 30 days
- ~100%: percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2015-5122
- Adobe Flash opaqueBackground Use After Free
  Disclosure Date: 2015-07-06
  First seen: 2020-04-26
  Module: exploit/multi/browser/adobe_flash_opaque_background_uaf
  This module exploits an use after free on Adobe Flash Player. The vulnerability, discovered by Hacking Team and made public as part of the July 2015 data leak, was described as an Use After Free while handling the opaqueBackground property 7 setter of the flash.displ
CVSS scores for CVE-2015-5122
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | 2024-07-02 |
CWE ids for CVE-2015-5122
- The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-5122
- https://helpx.adobe.com/security/products/flash-player/apsa15-04.html
  Adobe Security Bulletin (Broken Link; Vendor Advisory)
- https://perception-point.io/new/breaking-cfi.php
  Threat Intelligence Blog | Perception Point (Broken Link; Third Party Advisory)
- http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_opaque_background_uaf
  Adobe Flash opaqueBackground Use After Free (Third Party Advisory)
- https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
  Adobe Security Bulletin (Broken Link; Vendor Advisory)
- https://www.exploit-db.com/exploits/37599/
  Adobe Flash - opaqueBackground Use-After-Free (Metasploit) (Exploit; Third Party Advisory; VDB Entry)
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html
  [security-announce] SUSE-SU-2015:1255-1: critical: Security update for f (Mailing List; Third Party Advisory)
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467
  HPSBHF03538 rev.1 - HPE iMC Service Health Manager (SHM) and iMC PLAT running Adobe Flash, Remote Code Execution, Denial of Service (DoS) (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html
  [security-announce] openSUSE-SU-2015:1267-1: critical: flash-player (Mailing List; Third Party Advisory)
- https://perception-point.io/2018/04/11/breaking-cfi-cve-2015-5122-coop/
  CVE-2015-5122: Exploitation using COOP | Perception Point (Broken Link; Third Party Advisory)
- http://www.us-cert.gov/ncas/alerts/TA15-195A
  Adobe Flash and Microsoft Windows Vulnerabilities | CISA (Third Party Advisory; US Government Resource)
- https://security.gentoo.org/glsa/201508-01
  Adobe Flash Player: Multiple vulnerabilities (GLSA 201508-01) — Gentoo security (Third Party Advisory)
- http://www.securityfocus.com/bid/75712
  Adobe Flash Player CVE-2015-5122 Use After Free Remote Memory Corruption Vulnerability (Broken Link; Third Party Advisory; VDB Entry)
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html
  [security-announce] SUSE-SU-2015:1258-1: critical: Security update for f (Mailing List; Third Party Advisory)
- https://www.fireeye.com/blog/threat-research/2015/07/cve-2015-5122_-_seco.html
  Second Adobe Flash Zero-Day CVE-2015-5122 from HackingTeam Exploited in Strategic Web Compromise Targeting Japanese Victims | FireEye Inc (Broken Link; Third Party Advisory)
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784
  HP Support for Technical Help and Troubleshooting | HP® Customer Service. (Broken Link; Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2015-1235.html
  RHSA-2015:1235 - Security Advisory - Red Hat Customer Portal (Third Party Advisory)
- http://www.securitytracker.com/id/1032890
  Adobe Flash Player Use-After-Free Memory Flaw Lets Remote Users Execute Arbitrary Code - SecurityTracker (Broken Link; Third Party Advisory; VDB Entry)
- http://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html
  Adobe Flash opaqueBackground Use After Free ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)
- http://www.kb.cert.org/vuls/id/338736
  VU#338736 - Adobe Flash ActionScript 3 opaqueBackground use-after-free vulnerability (Third Party Advisory; US Government Resource)
- http://marc.info/?l=bugtraq&m=144050155601375&w=2
  '[security bulletin] HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities' - MARC (Mailing List; Third Party Advisory)