Lucene search

[email protected]NVD:CVE-2015-5119

HistoryJul 08, 2015 - 2:59 p.m.

CVE-2015-5119

2015-07-0814:59:05

CWE-416

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.973

Percentile

99.9%

JSON

Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.

Affected configurations

Nvd

Node

adobeflash_playerRange13.0.0.182–13.0.0296

adobeflash_playerRange14.0.0.125–18.0.0.194

AND

applemac_os_xMatch-

microsoftwindowsMatch-

Node

adobeflash_playerRange≤11.2.202.468

AND

linuxlinux_kernelMatch-

Node

redhatenterprise_linux_desktopMatch5.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_eusMatch6.6

redhatenterprise_linux_serverMatch5.0

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_server_ausMatch6.6

redhatenterprise_linux_server_from_rhuiMatch5.0

redhatenterprise_linux_server_from_rhuiMatch6.0

redhatenterprise_linux_workstationMatch5.0

redhatenterprise_linux_workstationMatch6.0

Node

opensuseevergreenMatch11.4

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

suselinux_enterprise_desktopMatch11sp3

suselinux_enterprise_desktopMatch11sp4

suselinux_enterprise_desktopMatch12-

suselinux_enterprise_workstation_extensionMatch12-

VendorProductVersionCPE
adobeflash_player*cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
applemac_os_x-cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
redhatenterprise_linux_desktop5.0cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
redhatenterprise_linux_desktop6.0cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
redhatenterprise_linux_eus6.6cpe:2.3:o:redhat:enterprise_linux_eus:6.6:*:*:*:*:*:*:*
redhatenterprise_linux_server5.0cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
redhatenterprise_linux_server6.0cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
redhatenterprise_linux_server_aus6.6cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
adobe	flash_player	*	cpe:2.3:a:adobe:flash_player::::::::
apple	mac_os_x	-	cpe:2.3:o:apple:mac_os_x:-:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*
redhat	enterprise_linux_desktop	5.0	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
redhat	enterprise_linux_desktop	6.0	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
redhat	enterprise_linux_eus	6.6	cpe:2.3:o:redhat:enterprise_linux_eus:6.6:::::::*
redhat	enterprise_linux_server	5.0	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
redhat	enterprise_linux_server	6.0	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
redhat	enterprise_linux_server_aus	6.6	cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:::::::*