CVE-2015-5122

Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.
References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=144050155601375&w=2 Mailing List Third Party Advisory
http://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html Third Party Advisory VDB Entry
http://rhn.redhat.com/errata/RHSA-2015-1235.html Third Party Advisory
http://www.kb.cert.org/vuls/id/338736 Third Party Advisory US Government Resource
http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_opaque_background_uaf Third Party Advisory
http://www.securityfocus.com/bid/75712 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1032890 Third Party Advisory VDB Entry
http://www.us-cert.gov/ncas/alerts/TA15-195A Third Party Advisory US Government Resource
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784 Third Party Advisory
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467 Third Party Advisory
https://helpx.adobe.com/security/products/flash-player/apsa15-04.html Vendor Advisory
https://helpx.adobe.com/security/products/flash-player/apsb15-18.html Vendor Advisory
https://perception-point.io/2018/04/11/breaking-cfi-cve-2015-5122-coop/ Third Party Advisory
https://perception-point.io/new/breaking-cfi.php Third Party Advisory
https://security.gentoo.org/glsa/201508-01 Third Party Advisory
https://www.exploit-db.com/exploits/37599/ Third Party Advisory VDB Entry
https://www.fireeye.com/blog/threat-research/2015/07/cve-2015-5122_-_seco.html Third Party Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:adobe:flash_player:*:*:*:*:esr:*:*:*
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*
cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
OR cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_10:*:*
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_11:*:*
OR cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*

History

08 May 2023, 13:29

Type Values Removed Values Added
First Time Microsoft windows 8
CPE cpe:2.3:o:microsoft:windows_8.0:-:*:*:*:*:*:*:* cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*

08 Sep 2021, 17:19

Type Values Removed Values Added
CPE cpe:2.3:o:apple:mac_os:-:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

Information

Published : 2015-07-14 10:59

Updated : 2023-12-10 11:46


NVD link : CVE-2015-5122

Mitre link : CVE-2015-5122

CVE.ORG link : CVE-2015-5122


JSON object : View

Products Affected

adobe

  • flash_player
  • flash_player_desktop_runtime

redhat

  • enterprise_linux_desktop
  • enterprise_linux_server_eus
  • enterprise_linux_workstation
  • enterprise_linux_server

opensuse

  • evergreen

suse

  • linux_enterprise_workstation_extension
  • linux_enterprise_desktop

microsoft

  • windows_8
  • windows
  • windows_8.1

linux

  • linux_kernel

apple

  • macos