Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.
Published 2015-07-14 10:59:00
Updated 2023-05-08 13:29:02
View at NVD,   CVE.org
Vulnerability category: Memory CorruptionExecute codeDenial of service

CVE-2015-5122 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:
Adobe Flash Player Use-After-Free Vulnerability
CISA required action:
The impacted product is end-of-life and should be disconnected if still in use.
CISA description:
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).
Added on 2022-04-13 Action due date 2022-05-04

Exploit prediction scoring system (EPSS) score for CVE-2015-5122

Probability of exploitation activity in the next 30 days: 97.31%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2015-5122

  • Adobe Flash opaqueBackground Use After Free
    Disclosure Date: 2015-07-06
    First seen: 2020-04-26
    exploit/multi/browser/adobe_flash_opaque_background_uaf
    This module exploits an use after free on Adobe Flash Player. The vulnerability, discovered by Hacking Team and made public as part of the July 2015 data leak, was described as an Use After Free while handling the opaqueBackground property 7 setter of the flash.displ

CVSS scores for CVE-2015-5122

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source
10.0
HIGH AV:N/AC:L/Au:N/C:C/I:C/A:C
10.0
10.0
NIST

References for CVE-2015-5122

Products affected by CVE-2015-5122

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!