CVE-2015-5123
CRITICAL KEVRedhat Enterprise Linux Desktop < 11.2.202.481 - Use After Free
Title source: ruleExploitation Summary
CVE-2015-5123 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added April 13, 2022.
Description
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
References (16)
Core 16
Core References
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1032890
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html
Broken Link, Third Party Advisory x_refsource_misc
http://blog.trendmicro.com/trendlabs-security-intelligence/new-zero-day-vulnerability-cve-2015-5123-in-adobe-flash-emerges-from-hacking-team-leak/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=144050155601375&w=2
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/ncas/alerts/TA15-195A
Broken Link, Vendor Advisory x_refsource_confirm
https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/918568
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201508-01
Broken Link, Third Party Advisory vendor-advisory
x_refsource_hp
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1235.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/75710
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html
Broken Link, Vendor Advisory x_refsource_confirm
https://helpx.adobe.com/security/products/flash-player/apsa15-04.html
Third Party Advisory, US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2015-5123
Issue Tracking
https://github.com/cisagov/vulnrichment/issues/196
Scores
CVSS v3
9.8
EPSS
0.4100
EPSS Percentile
97.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2022-04-13
VulnCheck KEV
2015-07-05
InTheWild.io
2015-07-05
ENISA EUVD
EUVD-2015-5138
CWE
CWE-416
Status
published
Products (15)
adobe/flash_player
11.0 - 11.2.202.481
adobe/flash_player
13.0 - 13.0.0.302
adobe/flash_player
18.0 - 18.0.0.203
adobe/flash_player_desktop_runtime
18.0 - 18.0.0.203
opensuse/evergreen
11.4
redhat/enterprise_linux_desktop
5.0
redhat/enterprise_linux_desktop
6.0
redhat/enterprise_linux_server
5.0
redhat/enterprise_linux_server
6.0
redhat/enterprise_linux_server_eus
6.6
... and 5 more
Published
Jul 14, 2015
KEV Added
Apr 13, 2022
Tracked Since
Feb 18, 2026