CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.9%
Adobe Flash Player contains a vulnerability in the ActionScript 3 ByteArray class, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Do not run untrusted Flash content
To defend against this and other, as yet unknown vulnerabilities, disable Flash in your browser or enable Click-to-Play features. Adobe has also provided instructions for how to uninstall Flash on Windows and Mac platforms.
Use the Microsoft Enhanced Mitigation Experience Toolkit
561288
Filter by status: All Affected Not Affected Unknown
Filter by content: __Additional information available
__Sort by: Status Alphabetical
Expand all
Javascript is disabled. Clickhere to view vendors.
Notified: July 06, 2015 Updated: July 08, 2015
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Temporal | 7.1 | E:H/RL:W/RC:C |
Environmental | 7.1 | CDP:ND/TD:H/CR:ND/IR:ND/AR:ND |
This vulnerability was discovered by HackingTeam.
This document was written by Will Dormann.
CVE IDs: | CVE-2015-5119 |
---|---|
Date Public: | 2015-07-05 Date First Published: |
blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/
help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/utils/ByteArray.html
malware.dontneedcoffee.com/2015/07/hackingteam-flash-0d-cve-2015-xxxx-and.html
www.microsoft.com/emet
helpx.adobe.com/security/products/flash-player/apsa15-03.html
helpx.adobe.com/security/products/flash-player/apsb15-16.html
twitter.com/w3bd3vil/status/618168863708962816
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
99.9%