← Voltar para CVEs
CVE-2015-5122
CRITICALCISA KEV9.8
Descricao
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado7/14/2015
Ultima modificacao11/17/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorAdobe
ProdutoFlash Player
Nome da vulnerabilidadeAdobe Flash Player Use-After-Free Vulnerability
Data inclusao KEV2022-04-13
Prazo de remediacao2022-05-04
Uso em ransomwareUnknown
Produtos afetados
adobe:flash_playeradobe:flash_player_desktop_runtimeapple:macoslinux:linux_kernelmicrosoft:windowsmicrosoft:windows_8microsoft:windows_8.1opensuse:evergreenredhat:enterprise_linux_desktopredhat:enterprise_linux_serverredhat:enterprise_linux_server_eusredhat:enterprise_linux_workstationsuse:linux_enterprise_desktopsuse:linux_enterprise_workstation_extension
Fraquezas (CWE)
CWE-416CWE-416
Referencias
http://marc.info/?l=bugtraq&m=144050155601375&w=2(psirt@adobe.com)
http://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html(psirt@adobe.com)
http://rhn.redhat.com/errata/RHSA-2015-1235.html(psirt@adobe.com)
http://www.kb.cert.org/vuls/id/338736(psirt@adobe.com)
http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_opaque_background_uaf(psirt@adobe.com)
http://www.securityfocus.com/bid/75712(psirt@adobe.com)
http://www.securitytracker.com/id/1032890(psirt@adobe.com)
http://www.us-cert.gov/ncas/alerts/TA15-195A(psirt@adobe.com)
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784(psirt@adobe.com)
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467(psirt@adobe.com)
https://perception-point.io/new/breaking-cfi.php(psirt@adobe.com)
https://security.gentoo.org/glsa/201508-01(psirt@adobe.com)
https://www.exploit-db.com/exploits/37599/(psirt@adobe.com)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html(af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html(af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=bugtraq&m=144050155601375&w=2(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html(af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-1235.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/338736(af854a3a-2127-422b-91ae-364da2661108)
http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_opaque_background_uaf(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/75712(af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1032890(af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/ncas/alerts/TA15-195A(af854a3a-2127-422b-91ae-364da2661108)
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784(af854a3a-2127-422b-91ae-364da2661108)
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467(af854a3a-2127-422b-91ae-364da2661108)
https://helpx.adobe.com/security/products/flash-player/apsa15-04.html(af854a3a-2127-422b-91ae-364da2661108)
https://helpx.adobe.com/security/products/flash-player/apsb15-18.html(af854a3a-2127-422b-91ae-364da2661108)
https://perception-point.io/2018/04/11/breaking-cfi-cve-2015-5122-coop/(af854a3a-2127-422b-91ae-364da2661108)
https://perception-point.io/new/breaking-cfi.php(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201508-01(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/37599/(af854a3a-2127-422b-91ae-364da2661108)
https://www.fireeye.com/blog/threat-research/2015/07/cve-2015-5122_-_seco.html(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/cisagov/vulnrichment/issues/196(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-5122(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.