Attacker Value

Unknown

(1 user assessed)

Exploitability

Unknown

(1 user assessed)

User Interaction

CVE-2015-5123

Disclosure Date: July 14, 2015 •

CVE-2015-5123 CVSS v3 Base Score: 9.8

Exploited in the Wild

Reported by gwillcox-r7 and 1 more...
View Source Details

Description

Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.

Add Assessment

gwillcox-r7 (579)

November 23, 2020 6:08pm UTC (4 years ago)

Technical Analysis

Reported as exploited in the wild as part of Google’s 2020 0day vulnerability spreadsheet they made available at https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1869060786. Original tweet announcing this spreadsheet with the 2020 findings can be found at https://twitter.com/maddiestone/status/1329837665378725888

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

9.8 Critical

Impact Score:

5.9

Exploitability Score:

3.9

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

adobe,
opensuse,
redhat,
suse

Products

enterprise linux desktop 5.0,
enterprise linux desktop 6.0,
enterprise linux server 5.0,
enterprise linux server 6.0,
enterprise linux server eus 6.6,
enterprise linux workstation 5.0,
enterprise linux workstation 6.0,
evergreen 11.4,
flash player,
flash player desktop runtime,
linux enterprise desktop 11,
linux enterprise desktop 12,
linux enterprise workstation extension 12

Exploited in the Wild

Reported by:

gwillcox-r7 indicated source as Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)

Reported: November 23, 2020 6:07pm UTC (4 years ago) • Edited 2 years ago

AttackerKB Worker indicated source as Government or Industry Alert (https://www.cisa.gov/news-events/alerts/2022/04/13/cisa-adds-10-known-exploited-vulnerabilities-catalog)

Reported: November 08, 2024 8:29am UTC (2 months ago)

References

Rapid7

Unknown

CVE-2015-5123

Unknown

Unknown

None

None

Network

CVE-2015-5123

Description

Add Assessment

Technical Analysis

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Exploited in the Wild

References

Canonical

Advisory

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2015-5123

Unknown

Unknown

None

None

Network

CVE-2015-5123

Description

Add Assessment

Technical Analysis

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Exploited in the Wild

References

Canonical

Advisory

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification