CVE-2015-5123

CVSS V2 High 10 CVSS V3 None
Description
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
Overview
  • CVE ID
  • CVE-2015-5123
  • Assigner
  • psirt@adobe.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2015-07-14T10:59:01
  • Last Modified Date
  • 2021-09-08T17:19:26
Weakness Enumerations
CWE URL
CWE-416 http://cwe.mitre.org/data/definitions/416.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:* 1 OR
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:* 1 OR
cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:* 1 OR
AND
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* 1 OR 11.0 11.2.202.481
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:a:adobe:flash_player:*:*:*:*:esr:*:*:* 1 OR 13.0 13.0.0.302
cpe:2.3:a:adobe:flash_player:*:*:*:*:chrome:*:*:* 1 OR 18.0 18.0.0.203
cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:* 1 OR 18.0 18.0.0.203
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* 0 OR
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:C/I:C/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 10
  • Severity
  • HIGH
  • Exploitability Score
  • 10
  • Impact Score
  • 10
References
Reference URL Reference Tags
http://www.kb.cert.org/vuls/id/918568 Third Party Advisory US Government Resource
https://helpx.adobe.com/security/products/flash-player/apsa15-04.html Vendor Advisory
http://blog.trendmicro.com/trendlabs-security-intelligence/new-zero-day-vulnerability-cve-2015-5123-in-adobe-flash-emerges-from-hacking-team-leak/ Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1235.html Third Party Advisory
https://helpx.adobe.com/security/products/flash-player/apsb15-18.html Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html Mailing List Third Party Advisory
http://www.us-cert.gov/ncas/alerts/TA15-195A Third Party Advisory US Government Resource
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784 Third Party Advisory
http://marc.info/?l=bugtraq&m=144050155601375&w=2 Mailing List Third Party Advisory
http://www.securityfocus.com/bid/75710 Third Party Advisory VDB Entry
https://security.gentoo.org/glsa/201508-01 Third Party Advisory
http://www.securitytracker.com/id/1032890 Third Party Advisory VDB Entry
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2015-5123
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5123
History
Created Old Value New Value Data Type Notes
2022-05-10 16:07:36 Added to TrackCVE
2022-12-02 05:26:40 2015-07-14T10:59Z 2015-07-14T10:59:01 CVE Published Date updated
2022-12-02 05:26:40 2021-09-08T17:19:26 CVE Modified Date updated
2022-12-02 05:26:40 Modified Vulnerability Status updated