CVE-2015-5123
critical-risk
Published 2015-07-14
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
Do I need to act?
!
47.6% chance of exploitation in next 30 days
EPSS score — higher than 52% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (16)
References (30)
Mailing List
http://marc.info/?l=bugtraq&m=144050155601375&w=2
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1235.html
Third Party Advisory
http://www.kb.cert.org/vuls/id/918568
Broken Link
http://www.securityfocus.com/bid/75710
Broken Link
http://www.securitytracker.com/id/1032890
Third Party Advisory
http://www.us-cert.gov/ncas/alerts/TA15-195A
Third Party Advisory
https://security.gentoo.org/glsa/201508-01
Mailing List
http://marc.info/?l=bugtraq&m=144050155601375&w=2
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1235.html
and 10 more references
74
/ 100
critical-risk
Severity
32/34 · Critical
Exploitability
24/34 · High
Exposure
18/34 · Moderate