Overview
Adobe Flash Player contains a vulnerability in the ActionScript 3 ByteArray class, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Description
Adobe Flash Player versions 9.0 through version 18.0.0.194 contain a use-after-free vulnerability in the AS3 ByteArray class. This can allow attacker-controlled memory corruption. Exploit code for this vulnerability is publicly available. |
Impact
An attacker can execute arbitrary code in the context of the user running Flash Player. Attacks typically involve enticing a user to visit a web site containing specially-crafted Flash content, or to open a specially-crafted Microsoft Office document. |
Solution
Apply an update This issue is addressed in Flash Player Desktop 18.0.0.203. Please see Adobe Security Bulletin APSB15-16 for more details and fix versions for other platforms. |
Do not run untrusted Flash content |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Temporal | 7.1 | E:H/RL:W/RC:C |
| Environmental | 7.1 | CDP:ND/TD:H/CR:ND/IR:ND/AR:ND |
References
- https://helpx.adobe.com/security/products/flash-player/apsb15-16.html
- https://helpx.adobe.com/security/products/flash-player/apsa15-03.html
- https://twitter.com/w3bd3vil/status/618168863708962816
- http://malware.dontneedcoffee.com/2015/07/hackingteam-flash-0d-cve-2015-xxxx-and.html
- http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/utils/ByteArray.html
- http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/
- http://www.microsoft.com/emet
Acknowledgements
This vulnerability was discovered by HackingTeam.
This document was written by Will Dormann.
Other Information
| CVE IDs: | CVE-2015-5119 |
| Date Public: | 2015-07-05 |
| Date First Published: | 2015-07-07 |
| Date Last Updated: | 2015-07-11 18:39 UTC |
| Document Revision: | 38 |