Vulnerability Description
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Enterprise Linux Desktop | 5.0 |
| Red Hat | Enterprise Linux Server | 5.0 |
| Red Hat | Enterprise Linux Server EUS | 6.6 |
| Red Hat | Enterprise Linux Workstation | 5.0 |
| openSUSE | Evergreen | 11.4 |
| SUSE | Linux Enterprise Desktop | 11 |
| SUSE | Linux Enterprise Workstation Extension | 12 |
| Adobe | Flash Player | >= 11.0, <= 11.2.202.481 |
| Linux | Linux Kernel | - |
| Adobe | Flash Player Desktop Runtime | >= 18.0, <= 18.0.0.203 |
| Apple | macOS | - |
| Microsoft | Windows | - |
References
- http://blog.trendmicro.com/trendlabs-security-intelligence/new-zero-day-vulnerab (Broken Link, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html (Mailing List, Third Party Advisory)
- http://marc.info/?l=bugtraq&m=144050155601375&w=2 (Mailing List, Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2015-1235.html (Third Party Advisory)
- http://www.kb.cert.org/vuls/id/918568 (Third Party Advisory, US Government Resource)
- http://www.securityfocus.com/bid/75710 (Broken Link, Third Party Advisory, VDB Entry)
- http://www.securitytracker.com/id/1032890 (Broken Link, Third Party Advisory, VDB Entry)
- http://www.us-cert.gov/ncas/alerts/TA15-195A (Third Party Advisory, US Government Resource)
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c0 (Broken Link, Third Party Advisory)
- https://helpx.adobe.com/security/products/flash-player/apsa15-04.html (Broken Link, Vendor Advisory)
- https://helpx.adobe.com/security/products/flash-player/apsb15-18.html (Broken Link, Vendor Advisory)
- https://security.gentoo.org/glsa/201508-01 (Third Party Advisory)
FAQ
What is CVE-2015-5123?
CVE-2015-5123 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows an...
How severe is CVE-2015-5123?
CVE-2015-5123 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2015-5123?
Check the references section above for vendor advisories and patch information. Affected products include: Red Hat Enterprise Linux Desktop, Red Hat Enterprise Linux Server, Red Hat Enterprise Linux Server EUS, Red Hat Enterprise Linux Workstation, openSUSE Evergreen.