CVE-2015-5119
Adobe Flash Player Use-After-Free Vulnerability
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
6
*Multiple Sources
Exploited in Wild
Yes
*KEV
Decision
Act
*SSVC
Descriptions
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
Vulnerabilidad de uso después de liberación de memoria en la clase ByteArray en la implementación ActionScript 3 (AS3) en Adobe Flash Player 13.x hasta la versión 13.0.0.296 y 14.x hasta la versión 18.0.0.194 en Windows y OS X y 11.x hasta la versión 11.2.202.468 en Linux permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de contenido Flash manipulado que anula una función valueOf, según se ha explotado activamente en julio de 2015.
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-16 listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content.
A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Act
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-06-26 CVE Reserved
- 2015-07-08 CVE Published
- 2015-07-08 First Exploit
- 2022-03-03 Exploited in Wild
- 2022-03-24 KEV Due Date
- 2025-02-04 CVE Updated
- 2025-04-18 EPSS Updated
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-416: Use After Free
CAPEC
References (24)
| URL | Tag | Source |
|---|---|---|
| http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak | X_refsource_misc | |
| http://twitter.com/w3bd3vil/statuses/618168863708962816 | X_refsource_misc | |
| http://www.kb.cert.org/vuls/id/561288 | Third Party Advisory |
|
| http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_hacking_team_uaf | X_refsource_misc | |
| http://www.securityfocus.com/bid/75568 | Vdb Entry | |
| http://www.securitytracker.com/id/1032809 | Vdb Entry | |
| http://www.us-cert.gov/ncas/alerts/TA15-195A | Third Party Advisory | |
| https://twitter.com/w3bd3vil/status/618168863708962816 |
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/132600 | 2015-07-08 | |
| https://www.exploit-db.com/exploits/37523 | 2015-07-08 | |
| https://github.com/jvazquez-r7/CVE-2015-5119 | 2015-08-04 | |
| https://github.com/dangokyo/CVE-2015-5119 | 2018-08-21 | |
| https://github.com/CiscoCXSecurity/CVE-2015-5119_walkthrough | 2024-08-12 | |
| https://packetstormsecurity.com/files/132600/Adobe-Flash-Player-ByteArray-Use-After-Free.html | 2025-02-04 |
| URL | Date | SRC |
|---|---|---|
| https://helpx.adobe.com/security/products/flash-player/apsa15-03.html | 2015-07-06 | |
| https://helpx.adobe.com/security/products/flash-player/apsb15-16.html | 2017-01-20 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | <= 13.0.0.292 Search vendor "Adobe" for product "Flash Player" and version " <= 13.0.0.292" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | <= 13.0.0.292 Search vendor "Adobe" for product "Flash Player" and version " <= 13.0.0.292" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 14.0.0.125 Search vendor "Adobe" for product "Flash Player" and version "14.0.0.125" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 14.0.0.125 Search vendor "Adobe" for product "Flash Player" and version "14.0.0.125" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 14.0.0.145 Search vendor "Adobe" for product "Flash Player" and version "14.0.0.145" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 14.0.0.145 Search vendor "Adobe" for product "Flash Player" and version "14.0.0.145" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 14.0.0.176 Search vendor "Adobe" for product "Flash Player" and version "14.0.0.176" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 14.0.0.176 Search vendor "Adobe" for product "Flash Player" and version "14.0.0.176" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 14.0.0.179 Search vendor "Adobe" for product "Flash Player" and version "14.0.0.179" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 14.0.0.179 Search vendor "Adobe" for product "Flash Player" and version "14.0.0.179" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 15.0.0.152 Search vendor "Adobe" for product "Flash Player" and version "15.0.0.152" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 15.0.0.152 Search vendor "Adobe" for product "Flash Player" and version "15.0.0.152" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 15.0.0.167 Search vendor "Adobe" for product "Flash Player" and version "15.0.0.167" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 15.0.0.167 Search vendor "Adobe" for product "Flash Player" and version "15.0.0.167" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 15.0.0.189 Search vendor "Adobe" for product "Flash Player" and version "15.0.0.189" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 15.0.0.189 Search vendor "Adobe" for product "Flash Player" and version "15.0.0.189" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 15.0.0.223 Search vendor "Adobe" for product "Flash Player" and version "15.0.0.223" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 15.0.0.223 Search vendor "Adobe" for product "Flash Player" and version "15.0.0.223" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 15.0.0.239 Search vendor "Adobe" for product "Flash Player" and version "15.0.0.239" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 15.0.0.239 Search vendor "Adobe" for product "Flash Player" and version "15.0.0.239" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 15.0.0.246 Search vendor "Adobe" for product "Flash Player" and version "15.0.0.246" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 15.0.0.246 Search vendor "Adobe" for product "Flash Player" and version "15.0.0.246" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 16.0.0.235 Search vendor "Adobe" for product "Flash Player" and version "16.0.0.235" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 16.0.0.235 Search vendor "Adobe" for product "Flash Player" and version "16.0.0.235" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 16.0.0.257 Search vendor "Adobe" for product "Flash Player" and version "16.0.0.257" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 16.0.0.257 Search vendor "Adobe" for product "Flash Player" and version "16.0.0.257" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 16.0.0.287 Search vendor "Adobe" for product "Flash Player" and version "16.0.0.287" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 16.0.0.287 Search vendor "Adobe" for product "Flash Player" and version "16.0.0.287" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 16.0.0.296 Search vendor "Adobe" for product "Flash Player" and version "16.0.0.296" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 16.0.0.296 Search vendor "Adobe" for product "Flash Player" and version "16.0.0.296" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 17.0.0.134 Search vendor "Adobe" for product "Flash Player" and version "17.0.0.134" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 17.0.0.134 Search vendor "Adobe" for product "Flash Player" and version "17.0.0.134" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 17.0.0.169 Search vendor "Adobe" for product "Flash Player" and version "17.0.0.169" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 17.0.0.169 Search vendor "Adobe" for product "Flash Player" and version "17.0.0.169" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 17.0.0.188 Search vendor "Adobe" for product "Flash Player" and version "17.0.0.188" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 17.0.0.188 Search vendor "Adobe" for product "Flash Player" and version "17.0.0.188" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 18.0.0.161 Search vendor "Adobe" for product "Flash Player" and version "18.0.0.161" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 18.0.0.161 Search vendor "Adobe" for product "Flash Player" and version "18.0.0.161" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 18.0.0.194 Search vendor "Adobe" for product "Flash Player" and version "18.0.0.194" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | 18.0.0.194 Search vendor "Adobe" for product "Flash Player" and version "18.0.0.194" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | <= 11.2.202.468 Search vendor "Adobe" for product "Flash Player" and version " <= 11.2.202.468" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|