Vulnerabilities > CVE-2015-5119 - Use After Free vulnerability in multiple products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

critical

nessus

exploit available

metasploit

NVD

Published: 2015-07-08

Updated: 2024-07-16

Summary

Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.

Vulnerable Configurations

Part	Description	Count
Application	Adobe Adobe Flash Player 13.0.0.182 Adobe Flash Player 13.0.0.201 Adobe Flash Player 13.0.0.206 Adobe Flash Player 13.0.0.214 Adobe Flash Player 13.0.0.223 Adobe Flash Player 13.0.0.231 Adobe Flash Player 13.0.0.241 Adobe Flash Player 13.0.0.244 Adobe Flash Player 13.0.0.250 Adobe Flash Player 13.0.0.252 Adobe Flash Player 13.0.0.258 Adobe Flash Player 13.0.0.259 Adobe Flash Player 13.0.0.260 Adobe Flash Player 13.0.0.262 Adobe Flash Player 13.0.0.264 Adobe Flash Player 13.0.0.269 Adobe Flash Player 13.0.0.277 Adobe Flash Player 13.0.0.281 Adobe Flash Player 13.0.0.289 Adobe Flash Player 13.0.0.292 Adobe Flash Player 13.0.0.296 Adobe Flash Player 13.0.0.302 Adobe Flash Player 13.0.0.309 Adobe Flash Player 14.0.0.125 Adobe Flash Player 14.0.0.145 Adobe Flash Player 14.0.0.176 Adobe Flash Player 14.0.0.179 Adobe Flash Player 15.0.0.152 Adobe Flash Player 15.0.0.167 Adobe Flash Player 15.0.0.189 Adobe Flash Player 15.0.0.223 Adobe Flash Player 15.0.0.239 Adobe Flash Player 15.0.0.246 Adobe Flash Player 16.0.0.234 Adobe Flash Player 16.0.0.235 Adobe Flash Player 16.0.0.257 Adobe Flash Player 16.0.0.287 Adobe Flash Player 16.0.0.296 Adobe Flash Player 16.0.0.305 Adobe Flash Player 17.0.0.134 Adobe Flash Player 17.0.0.169 Adobe Flash Player 17.0.0.188 Adobe Flash Player 17.0.0.190 Adobe Flash Player 17.0.0.191 Adobe Flash Player 18.0 Adobe Flash Player 18.0.0.160 Adobe Flash Player 18.0.0.161 Adobe Flash Player 18.0.0.194 Adobe Flash Player - Adobe Flash Player 2 Adobe Flash Player 3 Adobe Flash Player 4 Adobe Flash Player 5 Adobe Flash Player 6 Adobe Flash Player 6.0.21.0 Adobe Flash Player 6.0.79 Adobe Flash Player 7 Adobe Flash Player 7.0 Adobe Flash Player 7.0.1 Adobe Flash Player 7.0.14.0 Adobe Flash Player 7.0.19.0 Adobe Flash Player 7.0.24.0 Adobe Flash Player 7.0.25 Adobe Flash Player 7.0.53.0 Adobe Flash Player 7.0.60.0 Adobe Flash Player 7.0.61.0 Adobe Flash Player 7.0.63 Adobe Flash Player 7.0.66.0 Adobe Flash Player 7.0.67.0 Adobe Flash Player 7.0.68.0 Adobe Flash Player 7.0.69.0 Adobe Flash Player 7.0.70.0 Adobe Flash Player 7.0.73.0 Adobe Flash Player 7.1 Adobe Flash Player 7.1.1 Adobe Flash Player 7.2 Adobe Flash Player 8 Adobe Flash Player 8.0 Adobe Flash Player 8.0.22.0 Adobe Flash Player 8.0.24.0 Adobe Flash Player 8.0.33.0 Adobe Flash Player 8.0.34.0 Adobe Flash Player 8.0.35.0 Adobe Flash Player 8.0.39.0 Adobe Flash Player 8.0.42.0 Adobe Flash Player 9 Adobe Flash Player 9.0 Adobe Flash Player 9.0.8.0 Adobe Flash Player 9.0.9.0 Adobe Flash Player 9.0.16 Adobe Flash Player 9.0.16.0 Adobe Flash Player 9.0.18D60 Adobe Flash Player 9.0.20 Adobe Flash Player 9.0.20.0 Adobe Flash Player 9.0.28 Adobe Flash Player 9.0.28.0 Adobe Flash Player 9.0.31 Adobe Flash Player 9.0.31.0 Adobe Flash Player 9.0.45.0 Adobe Flash Player 9.0.47.0 Adobe Flash Player 9.0.48.0 Adobe Flash Player 9.0.112.0 Adobe Flash Player 9.0.114.0 Adobe Flash Player 9.0.115.0 Adobe Flash Player 9.0.124.0 Adobe Flash Player 9.0.125.0 Adobe Flash Player 9.0.151.0 Adobe Flash Player 9.0.152.0 Adobe Flash Player 9.0.155.0 Adobe Flash Player 9.0.159.0 Adobe Flash Player 9.0.246.0 Adobe Flash Player 9.0.260.0 Adobe Flash Player 9.0.262.0 Adobe Flash Player 9.0.277.0 Adobe Flash Player 9.0.280 Adobe Flash Player 9.0.283.0 Adobe Flash Player 9.0.289.0 Adobe Flash Player 9.125.0 Adobe Flash Player 10 Adobe Flash Player 10.0.0.584 Adobe Flash Player 10.0.2.54 Adobe Flash Player 10.0.12.10 Adobe Flash Player 10.0.12.36 Adobe Flash Player 10.0.15.3 Adobe Flash Player 10.0.22.87 Adobe Flash Player 10.0.32.18 Adobe Flash Player 10.0.42.34 Adobe Flash Player 10.0.45.2 Adobe Flash Player 10.1 Adobe Flash Player 10.1.52.14 Adobe Flash Player 10.1.52.14.1 Adobe Flash Player 10.1.52.15 Adobe Flash Player 10.1.53.64 Adobe Flash Player 10.1.82.76 Adobe Flash Player 10.1.85.3 Adobe Flash Player 10.1.92.8 Adobe Flash Player 10.1.92.10 Adobe Flash Player 10.1.95.1 Adobe Flash Player 10.1.95.2 Adobe Flash Player 10.1.102.64 Adobe Flash Player 10.1.105.6 Adobe Flash Player 10.1.106.16 Adobe Flash Player 10.1.106.17 Adobe Flash Player 10.2.152 Adobe Flash Player 10.2.152.26 Adobe Flash Player 10.2.152.32 Adobe Flash Player 10.2.152.33 Adobe Flash Player 10.2.153.1 Adobe Flash Player 10.2.154.13 Adobe Flash Player 10.2.154.25 Adobe Flash Player 10.2.154.27 Adobe Flash Player 10.2.156.12 Adobe Flash Player 10.2.157.51 Adobe Flash Player 10.2.159.1 Adobe Flash Player 10.3 Adobe Flash Player 10.3.181.14 Adobe Flash Player 10.3.181.16 Adobe Flash Player 10.3.181.22 Adobe Flash Player 10.3.181.23 Adobe Flash Player 10.3.181.26 Adobe Flash Player 10.3.181.34 Adobe Flash Player 10.3.183.5 Adobe Flash Player 10.3.183.7 Adobe Flash Player 10.3.183.10 Adobe Flash Player 10.3.183.11 Adobe Flash Player 10.3.183.15 Adobe Flash Player 10.3.183.16 Adobe Flash Player 10.3.183.18 Adobe Flash Player 10.3.183.19 Adobe Flash Player 10.3.183.20 Adobe Flash Player 10.3.183.23 Adobe Flash Player 10.3.183.25 Adobe Flash Player 10.3.183.29 Adobe Flash Player 10.3.183.43 Adobe Flash Player 10.3.183.48 Adobe Flash Player 10.3.183.50 Adobe Flash Player 10.3.183.51 Adobe Flash Player 10.3.183.61 Adobe Flash Player 10.3.183.63 Adobe Flash Player 10.3.183.67 Adobe Flash Player 10.3.183.68 Adobe Flash Player 10.3.183.75 Adobe Flash Player 10.3.183.86 Adobe Flash Player 10.3.183.90 Adobe Flash Player 10.3.185.22 Adobe Flash Player 10.3.185.24 Adobe Flash Player 10.3.186.3 Adobe Flash Player 10.3.186.6 Adobe Flash Player 10.3.186.7 Adobe Flash Player 11.0 Adobe Flash Player 11.0.1.152 Adobe Flash Player 11.0.1.153 Adobe Flash Player 11.1 Adobe Flash Player 11.1.102.55 Adobe Flash Player 11.1.102.59 Adobe Flash Player 11.1.102.62 Adobe Flash Player 11.1.102.63 Adobe Flash Player 11.1.111.8 Adobe Flash Player 11.1.111.9 Adobe Flash Player 11.1.111.13 Adobe Flash Player 11.1.111.44 Adobe Flash Player 11.1.111.50 Adobe Flash Player 11.1.111.54 Adobe Flash Player 11.1.111.64 Adobe Flash Player 11.1.111.73 Adobe Flash Player 11.1.115.7 Adobe Flash Player 11.1.115.8 Adobe Flash Player 11.1.115.34 Adobe Flash Player 11.1.115.48 Adobe Flash Player 11.1.115.54 Adobe Flash Player 11.1.115.58 Adobe Flash Player 11.1.115.59 Adobe Flash Player 11.1.115.63 Adobe Flash Player 11.1.115.69 Adobe Flash Player 11.1.115.81 Adobe Flash Player 11.2.202.223 Adobe Flash Player 11.2.202.228 Adobe Flash Player 11.2.202.229 Adobe Flash Player 11.2.202.233 Adobe Flash Player 11.2.202.235 Adobe Flash Player 11.2.202.236 Adobe Flash Player 11.2.202.238 Adobe Flash Player 11.2.202.243 Adobe Flash Player 11.2.202.251 Adobe Flash Player 11.2.202.258 Adobe Flash Player 11.2.202.261 Adobe Flash Player 11.2.202.262 Adobe Flash Player 11.2.202.270 Adobe Flash Player 11.2.202.273 Adobe Flash Player 11.2.202.275 Adobe Flash Player 11.2.202.280 Adobe Flash Player 11.2.202.285 Adobe Flash Player 11.2.202.291 Adobe Flash Player 11.2.202.297 Adobe Flash Player 11.2.202.310 Adobe Flash Player 11.2.202.327 Adobe Flash Player 11.2.202.332 Adobe Flash Player 11.2.202.335 Adobe Flash Player 11.2.202.336 Adobe Flash Player 11.2.202.341 Adobe Flash Player 11.2.202.346 Adobe Flash Player 11.2.202.350 Adobe Flash Player 11.2.202.356 Adobe Flash Player 11.2.202.359 Adobe Flash Player 11.2.202.378 Adobe Flash Player 11.2.202.394 Adobe Flash Player 11.2.202.400 Adobe Flash Player 11.2.202.406 Adobe Flash Player 11.2.202.411 Adobe Flash Player 11.2.202.418 Adobe Flash Player 11.2.202.424 Adobe Flash Player 11.2.202.425 Adobe Flash Player 11.2.202.429 Adobe Flash Player 11.2.202.438 Adobe Flash Player 11.2.202.440 Adobe Flash Player 11.2.202.442 Adobe Flash Player 11.2.202.451 Adobe Flash Player 11.2.202.457 Adobe Flash Player 11.2.202.460 Adobe Flash Player 11.2.202.466 Adobe Flash Player 11.2.202.468	271
OS	Apple Apple MAC OS X -	1
OS	Microsoft Microsoft Windows -	1
OS	Linux Linux Linux Kernel -	1
OS	Redhat Redhat Enterprise Linux Server 5.0 Redhat Enterprise Linux Server 6.0 Redhat Enterprise Linux Workstation 5.0 Redhat Enterprise Linux Workstation 6.0 Redhat Enterprise Linux Server AUS 6.6 Redhat Enterprise Linux Desktop 6.0 Redhat Enterprise Linux Desktop 5.0 Redhat Enterprise Linux EUS 6.6 Redhat Enterprise Linux Server From Rhui 6.0 Redhat Enterprise Linux Server From Rhui 5.0	10
OS	Suse Suse Linux Enterprise Desktop 11 Suse Linux Enterprise Desktop 12 Suse Linux Enterprise Workstation Extension 12	4
OS	Opensuse Opensuse Evergreen 11.4 Opensuse Opensuse 13.1 Opensuse Opensuse 13.2	3

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

Exploit-Db

description	Adobe Flash Player ByteArray Use After Free. CVE-2015-5119. Remote exploits for multiple platform
id	EDB-ID:37523
last seen	2016-02-04
modified	2015-07-08
published	2015-07-08
reporter	metasploit
source	https://www.exploit-db.com/download/37523/
title	Adobe Flash Player ByteArray Use After Free

Metasploit

description	This module exploits an use after free on Adobe Flash Player. The vulnerability, discovered by Hacking Team and made public as part of the July 2015 data leak, was described as an Use After Free while handling ByteArray objects. This module has been tested successfully on: Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.194, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.194, Windows 8.1 (32-bit), IE11 and Adobe Flash 18.0.0.194, Windows 8.1 (32-bit), Firefox and Adobe Flash 18.0.0.194, and Linux Mint "Rebecca" (32 bits), Firefox 33.0 and Adobe Flash 11.2.202.468.
id	MSF:EXPLOIT/MULTI/BROWSER/ADOBE_FLASH_HACKING_TEAM_UAF
last seen	2020-06-04
modified	2018-08-27
published	2015-07-07
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5119 https://helpx.adobe.com/security/products/flash-player/apsa15-03.html http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/ https://twitter.com/w3bd3vil/status/618168863708962816
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/browser/adobe_flash_hacking_team_uaf.rb
title	Adobe Flash Player ByteArray Use After Free

Nessus

NASL family	Windows
NASL id	GOOGLE_CHROME_43_0_2357_132.NASL
description	The version of Google Chrome installed on the remote Windows host is prior to 43.0.2357.132. It is, therefore, affected by multiple vulnerabilities in the bundled version of Adobe Flash : - An information disclosure vulnerability exists that allows an attacker to guess the address for the Flash heap. (CVE-2015-3097) - Multiple heap-based buffer overflow vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3135, CVE-2015-4432, CVE-2015-5118) - Multiple memory corruption vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431) - Multiple NULL pointer dereference flaws exist. (CVE-2015-3126, CVE-2015-4429) - A security bypass vulnerability exists that results in an information disclosure. (CVE-2015-3114) - Multiple type confusion vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433) - Multiple use-after-free errors exist that allow arbitrary code execution. (CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119) - Multiple same-origin policy bypass vulnerabilities exist that allow information disclosure. (CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116) - A memory corruption issue exists due to improper validation of user-supplied input. An attacker can exploit this to execute arbitrary code. (CVE-2015-5124) Note that Nessus has not tested for these issues but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	84667
published	2015-07-10
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84667
title	Google Chrome < 43.0.2357.132 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(84667); script_version("1.12"); script_cvs_date("Date: 2019/11/22"); script_cve_id( "CVE-2014-0578", "CVE-2015-3097", "CVE-2015-3114", "CVE-2015-3115", "CVE-2015-3116", "CVE-2015-3117", "CVE-2015-3118", "CVE-2015-3119", "CVE-2015-3120", "CVE-2015-3121", "CVE-2015-3122", "CVE-2015-3123", "CVE-2015-3124", "CVE-2015-3125", "CVE-2015-3126", "CVE-2015-3127", "CVE-2015-3128", "CVE-2015-3129", "CVE-2015-3130", "CVE-2015-3131", "CVE-2015-3132", "CVE-2015-3133", "CVE-2015-3134", "CVE-2015-3135", "CVE-2015-3136", "CVE-2015-3137", "CVE-2015-4428", "CVE-2015-4429", "CVE-2015-4430", "CVE-2015-4431", "CVE-2015-4432", "CVE-2015-4433", "CVE-2015-5116", "CVE-2015-5117", "CVE-2015-5118", "CVE-2015-5119", "CVE-2015-5124" ); script_bugtraq_id( 75090, 75568, 75590, 75591, 75592, 75593, 75594, 75595, 75596 ); script_name(english:"Google Chrome < 43.0.2357.132 Multiple Vulnerabilities"); script_summary(english:"Checks the version number of Google Chrome."); script_set_attribute(attribute:"synopsis", value: "The remote Windows host contains a web browser that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of Google Chrome installed on the remote Windows host is prior to 43.0.2357.132. It is, therefore, affected by multiple vulnerabilities in the bundled version of Adobe Flash : - An information disclosure vulnerability exists that allows an attacker to guess the address for the Flash heap. (CVE-2015-3097) - Multiple heap-based buffer overflow vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3135, CVE-2015-4432, CVE-2015-5118) - Multiple memory corruption vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431) - Multiple NULL pointer dereference flaws exist. (CVE-2015-3126, CVE-2015-4429) - A security bypass vulnerability exists that results in an information disclosure. (CVE-2015-3114) - Multiple type confusion vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433) - Multiple use-after-free errors exist that allow arbitrary code execution. (CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119) - Multiple same-origin policy bypass vulnerabilities exist that allow information disclosure. (CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116) - A memory corruption issue exists due to improper validation of user-supplied input. An attacker can exploit this to execute arbitrary code. (CVE-2015-5124) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number."); # http://googlechromereleases.blogspot.ca/2015/07/stable-channel-update.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e87f6dbb"); script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb15-16.html"); script_set_attribute(attribute:"solution", value: "Upgrade to Google Chrome 43.0.2357.132 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-5124"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player ByteArray Use After Free'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"vuln_publication_date", value:"2015/07/07"); script_set_attribute(attribute:"patch_publication_date", value:"2015/07/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/10"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:google:chrome"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("google_chrome_installed.nasl"); script_require_keys("SMB/Google_Chrome/Installed"); exit(0); } include("google_chrome_version.inc"); get_kb_item_or_exit("SMB/Google_Chrome/Installed"); installs = get_kb_list("SMB/Google_Chrome/*"); google_chrome_check_version(installs:installs, fix:'43.0.2357.132', severity:SECURITY_HOLE);

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_348BFA6925A211E5ADE10011D823EEBD.NASL
description	Adobe reports : Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit targeting CVE-2015-5119 has been publicly published.
last seen	2020-06-01
modified	2020-06-02
plugin id	84628
published	2015-07-09
reporter	This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84628
title	FreeBSD : Adobe Flash Player -- critical vulnerabilities (348bfa69-25a2-11e5-ade1-0011d823eebd) (Underminer)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2018 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(84628); script_version("2.10"); script_cvs_date("Date: 2018/11/10 11:49:44"); script_cve_id("CVE-2015-5119"); script_name(english:"FreeBSD : Adobe Flash Player -- critical vulnerabilities (348bfa69-25a2-11e5-ade1-0011d823eebd) (Underminer)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "Adobe reports : Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit targeting CVE-2015-5119 has been publicly published." ); script_set_attribute( attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb15-16.html" ); # https://vuxml.freebsd.org/freebsd/348bfa69-25a2-11e5-ade1-0011d823eebd.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?639ba9ec" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player ByteArray Use After Free'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-c6-flashplugin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:linux-f10-flashplugin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/07/07"); script_set_attribute(attribute:"patch_publication_date", value:"2015/07/08"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/09"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"linux-c6-flashplugin<11.2r202.481")) flag++; if (pkg_test(save_report:TRUE, pkg:"linux-f10-flashplugin<11.2r202.481")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Windows
NASL id	ADOBE_AIR_APSB15-16.NASL
description	According to its version, the installation of Adobe AIR on the remote Windows host is equal or prior to 18.0.0.144. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists that allows an attacker to guess the address for the Flash heap. (CVE-2015-3097) - Multiple heap-based buffer overflow vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3135, CVE-2015-4432, CVE-2015-5118) - Multiple memory corruption vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431) - Multiple NULL pointer dereference flaws exist. (CVE-2015-3126, CVE-2015-4429) - A security bypass vulnerability exists that results in an information disclosure. (CVE-2015-3114) - Multiple type confusion vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433) - Multiple use-after-free errors exist that allow arbitrary code execution. (CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119) - Multiple same-origin policy bypass vulnerabilities exist that allow information disclosure. (CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116) - A memory corruption issue exists due to improper validation of user-supplied input. An attacker can exploit this to execute arbitrary code. (CVE-2015-5124)
last seen	2020-06-01
modified	2020-06-02
plugin id	84641
published	2015-07-09
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84641
title	Adobe AIR <= 18.0.0.144 Multiple Vulnerabilities (APSB15-16)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(84641); script_version("1.13"); script_cvs_date("Date: 2019/11/22"); script_cve_id( "CVE-2014-0578", "CVE-2015-3097", "CVE-2015-3114", "CVE-2015-3115", "CVE-2015-3116", "CVE-2015-3117", "CVE-2015-3118", "CVE-2015-3119", "CVE-2015-3120", "CVE-2015-3121", "CVE-2015-3122", "CVE-2015-3123", "CVE-2015-3124", "CVE-2015-3125", "CVE-2015-3126", "CVE-2015-3127", "CVE-2015-3128", "CVE-2015-3129", "CVE-2015-3130", "CVE-2015-3131", "CVE-2015-3132", "CVE-2015-3133", "CVE-2015-3134", "CVE-2015-3135", "CVE-2015-3136", "CVE-2015-3137", "CVE-2015-4428", "CVE-2015-4429", "CVE-2015-4430", "CVE-2015-4431", "CVE-2015-4432", "CVE-2015-4433", "CVE-2015-5116", "CVE-2015-5117", "CVE-2015-5118", "CVE-2015-5119", "CVE-2015-5124" ); script_bugtraq_id( 75090, 75568, 75590, 75591, 75592, 75593, 75594, 75595, 75596 ); script_name(english:"Adobe AIR <= 18.0.0.144 Multiple Vulnerabilities (APSB15-16)"); script_summary(english:"Checks the version gathered by local check."); script_set_attribute(attribute:"synopsis", value: "The remote Windows host has a version of Adobe AIR installed that is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its version, the installation of Adobe AIR on the remote Windows host is equal or prior to 18.0.0.144. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists that allows an attacker to guess the address for the Flash heap. (CVE-2015-3097) - Multiple heap-based buffer overflow vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3135, CVE-2015-4432, CVE-2015-5118) - Multiple memory corruption vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431) - Multiple NULL pointer dereference flaws exist. (CVE-2015-3126, CVE-2015-4429) - A security bypass vulnerability exists that results in an information disclosure. (CVE-2015-3114) - Multiple type confusion vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433) - Multiple use-after-free errors exist that allow arbitrary code execution. (CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119) - Multiple same-origin policy bypass vulnerabilities exist that allow information disclosure. (CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116) - A memory corruption issue exists due to improper validation of user-supplied input. An attacker can exploit this to execute arbitrary code. (CVE-2015-5124)"); script_set_attribute(attribute:"see_also", value:"https://helpx.adobe.com/security/products/flash-player/apsb15-16.html"); # http://helpx.adobe.com/flash-player/kb/archived-flash-player-versions.html script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0cb17c10"); script_set_attribute(attribute:"solution", value: "Upgrade to Adobe AIR 18.0.0.180 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-5124"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'Adobe Flash Player ByteArray Use After Free'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_set_attribute(attribute:"vuln_publication_date", value:"2015/07/08"); script_set_attribute(attribute:"patch_publication_date", value:"2015/07/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/09"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:air"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("adobe_air_installed.nasl"); script_require_keys("SMB/Adobe_AIR/Version", "SMB/Adobe_AIR/Path"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); version = get_kb_item_or_exit("SMB/Adobe_AIR/Version"); path = get_kb_item_or_exit("SMB/Adobe_AIR/Path"); version_ui = get_kb_item("SMB/Adobe_AIR/Version_UI"); if (isnull(version_ui)) version_report = version; else version_report = version_ui + ' (' + version + ')'; cutoff_version = '18.0.0.144'; fix = '18.0.0.180'; fix_ui = '18.0'; if (ver_compare(ver:version, fix:cutoff_version) <= 0) { port = get_kb_item("SMB/transport"); if (!port) port = 445; if (report_verbosity > 0) { report = '\n Path : ' + path + '\n Installed version : ' + version_report + '\n Fixed version : ' + fix_ui + " (" + fix + ')' + '\n'; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else audit(AUDIT_INST_PATH_NOT_VULN, "Adobe AIR", version_report, path);

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_ADOBE_AIR_APSB15-16.NASL
description	According to its version, the installation of Adobe AIR on the remote Mac OS X host is equal or prior to 18.0.0.144. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists that allows an attacker to guess the address for the Flash heap. (CVE-2015-3097) - Multiple heap-based buffer overflow vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3135, CVE-2015-4432, CVE-2015-5118) - Multiple memory corruption vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431) - Multiple NULL pointer dereference flaws exist. (CVE-2015-3126, CVE-2015-4429) - A security bypass vulnerability exists that results in an information disclosure. (CVE-2015-3114) - Multiple type confusion vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433) - Multiple use-after-free errors exist that allow arbitrary code execution. (CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119) - Multiple same-origin policy bypass vulnerabilities exist that allow information disclosure. (CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116) - A memory corruption issue exists due to improper validation of user-supplied input. An attacker can exploit this to execute arbitrary code. (CVE-2015-5124)
last seen	2020-06-01
modified	2020-06-02
plugin id	84643
published	2015-07-09
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84643
title	Adobe AIR for Mac <= 18.0.0.144 Multiple Vulnerabilities (APSB15-16)

NASL family	Windows
NASL id	FLASH_PLAYER_APSB15-16.NASL
description	The version of Adobe Flash Player installed on the remote Windows host is equal or prior to version 18.0.0.194. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists that allows an attacker to guess the address for the Flash heap. (CVE-2015-3097) - Multiple heap-based buffer overflow vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3135, CVE-2015-4432, CVE-2015-5118) - Multiple memory corruption vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431) - Multiple NULL pointer dereference flaws exist. (CVE-2015-3126, CVE-2015-4429) - A security bypass vulnerability exists that results in an information disclosure. (CVE-2015-3114) - Multiple type confusion vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433) - Multiple use-after-free errors exist that allow arbitrary code execution. (CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119) - Multiple same-origin policy bypass vulnerabilities exist that allow information disclosure. (CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116) - A memory corruption issue exists due to improper validation of user-supplied input. An attacker can exploit this to execute arbitrary code. (CVE-2015-5124)
last seen	2020-06-01
modified	2020-06-02
plugin id	84642
published	2015-07-09
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84642
title	Adobe Flash Player <= 18.0.0.194 Multiple Vulnerabilities (APSB15-16)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_FLASH_PLAYER_APSB15-16.NASL
description	The version of Adobe Flash Player installed on the remote Mac OS X host is equal or prior to version 18.0.0.194. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists that allows an attacker to guess the address for the Flash heap. (CVE-2015-3097) - Multiple heap-based buffer overflow vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3135, CVE-2015-4432, CVE-2015-5118) - Multiple memory corruption vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431) - Multiple NULL pointer dereference flaws exist. (CVE-2015-3126, CVE-2015-4429) - A security bypass vulnerability exists that results in an information disclosure. (CVE-2015-3114) - Multiple type confusion vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433) - Multiple use-after-free errors exist that allow arbitrary code execution. (CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119) - Multiple same-origin policy bypass vulnerabilities exist that allow information disclosure. (CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116) - A memory corruption issue exists due to improper validation of user-supplied input. An attacker can exploit this to execute arbitrary code. (CVE-2015-5124)
last seen	2020-06-01
modified	2020-06-02
plugin id	84644
published	2015-07-09
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84644
title	Adobe Flash Player <= 18.0.0.194 Multiple Vulnerabilities (APSB15-16) (Mac OS X)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_GOOGLE_CHROME_43_0_2357_132.NASL
description	The version of Google Chrome installed on the remote Mac OS X host is prior to 43.0.2357.132. It is, therefore, affected by multiple vulnerabilities in the bundled version of Adobe Flash : - An information disclosure vulnerability exists that allows an attacker to guess the address for the Flash heap. (CVE-2015-3097) - Multiple heap-based buffer overflow vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3135, CVE-2015-4432, CVE-2015-5118) - Multiple memory corruption vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431) - Multiple NULL pointer dereference flaws exist. (CVE-2015-3126, CVE-2015-4429) - A security bypass vulnerability exists that results in an information disclosure. (CVE-2015-3114) - Multiple type confusion vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433) - Multiple use-after-free errors exist that allow arbitrary code execution. (CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119) - Multiple same-origin policy bypass vulnerabilities exist that allow information disclosure. (CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116) - A memory corruption issue exists due to improper validation of user-supplied input. An attacker can exploit this to execute arbitrary code. (CVE-2015-5124) Note that Nessus has not tested for these issues but has instead relied only on the application
last seen	2020-06-01
modified	2020-06-02
plugin id	84668
published	2015-07-10
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84668
title	Google Chrome < 43.0.2357.132 Multiple Vulnerabilities (Mac OS X)

NASL family	Windows
NASL id	SMB_KB3065823.NASL
description	The remote Windows host is missing KB3065823. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists that allows an attacker to guess the address for the Flash heap. (CVE-2015-3097) - Multiple heap-based buffer overflow vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3135, CVE-2015-4432, CVE-2015-5118) - Multiple memory corruption vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431) - Multiple NULL pointer dereference flaws exist. (CVE-2015-3126, CVE-2015-4429) - A security bypass vulnerability exists that results in an information disclosure. (CVE-2015-3114) - Multiple type confusion vulnerabilities exist that allow arbitrary code execution. (CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433) - Multiple use-after-free errors exist that allow arbitrary code execution. (CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119) - Multiple same-origin policy bypass vulnerabilities exist that allow information disclosure. (CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116) - A memory corruption issue exists due to improper validation of user-supplied input. An attacker can exploit this to execute arbitrary code. (CVE-2015-5124)
last seen	2020-06-01
modified	2020-06-02
plugin id	84645
published	2015-07-09
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84645
title	MS KB3065823: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer

NASL family	Red Hat Local Security Checks
NASL id	REDHAT-RHSA-2015-1214.NASL
description	An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes multiple vulnerabilities in Adobe Flash Player. These vulnerabilities are detailed in the Adobe Security Bulletin APSB15-16 listed in the References section. Multiple flaws were found in the way flash-plugin displayed certain SWF content. An attacker could use these flaws to create a specially crafted SWF file that would cause flash-plugin to crash or, potentially, execute arbitrary code when the victim loaded a page containing the malicious SWF content. (CVE-2015-3117, CVE-2015-3118, CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-3123, CVE-2015-3124, CVE-2015-3126, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3130, CVE-2015-3131, CVE-2015-3132, CVE-2015-3133, CVE-2015-3134, CVE-2015-3135, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4429, CVE-2015-4430, CVE-2015-4431, CVE-2015-4432, CVE-2015-4433, CVE-2015-5117, CVE-2015-5118, CVE-2015-5119) Multiple security bypass flaws were found in flash-plugin that could lead to the disclosure of sensitive information. (CVE-2014-0578, CVE-2015-3114, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116) All users of Adobe Flash Player should install this updated package, which upgrades Flash Player to version 11.2.202.481.
last seen	2020-06-01
modified	2020-06-02
plugin id	84631
published	2015-07-09
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84631
title	RHEL 5 / 6 : flash-plugin (RHSA-2015:1214) (Underminer)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-1214-1.NASL
description	flash-player was updated to fix 35 security issues. These security issues were fixed : - CVE-2015-3135, CVE-2015-4432, CVE-2015-5118: Heap buffer overflow vulnerabilities that could lead to code execution (bsc#937339). - CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431: Memory corruption vulnerabilities that could lead to code execution (bsc#937339). - CVE-2015-3126, CVE-2015-4429: NULL pointer dereference issues (bsc#937339). - CVE-2015-3114: A security bypass vulnerability that could lead to information disclosure (bsc#937339). - CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433: Type confusion vulnerabilities that could lead to code execution (bsc#937339). - CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119: Use-after-free vulnerabilities that could lead to code execution (bsc#937339). - CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116: Vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure (bsc#937339). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	84663
published	2015-07-13
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84663
title	SUSE SLED11 Security Update : flash-player (SUSE-SU-2015:1214-1) (Underminer)

NASL family	SuSE Local Security Checks
NASL id	SUSE_SU-2015-1211-1.NASL
description	flash-player was updated to fix 35 security issues. These security issues were fixed : - CVE-2015-3135, CVE-2015-4432, CVE-2015-5118: Heap buffer overflow vulnerabilities that could lead to code execution (bsc#937339). - CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, CVE-2015-3134, CVE-2015-4431: Memory corruption vulnerabilities that could lead to code execution (bsc#937339). - CVE-2015-3126, CVE-2015-4429: NULL pointer dereference issues (bsc#937339). - CVE-2015-3114: A security bypass vulnerability that could lead to information disclosure (bsc#937339). - CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, CVE-2015-3122, CVE-2015-4433: Type confusion vulnerabilities that could lead to code execution (bsc#937339). - CVE-2015-3118, CVE-2015-3124, CVE-2015-5117, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, CVE-2015-5119: Use-after-free vulnerabilities that could lead to code execution (bsc#937339). - CVE-2014-0578, CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, CVE-2015-5116: Vulnerabilities that could be exploited to bypass the same-origin-policy and lead to information disclosure (bsc#937339). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	84662
published	2015-07-13
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84662
title	SUSE SLED12 Security Update : flash-player (SUSE-SU-2015:1211-1) (Underminer)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201507-13.NASL
description	The remote host is affected by the vulnerability described in GLSA-201507-13 (Adobe Flash Player: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Adobe Flash Player. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could possibly execute arbitrary code with the privileges of the process, cause a Denial of Service condition, obtain sensitive information, or bypass security restrictions. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	86083
published	2015-09-23
reporter	This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/86083
title	GLSA-201507-13 : Adobe Flash Player: Multiple vulnerabilities (Underminer)

NASL family	SuSE Local Security Checks
NASL id	OPENSUSE-2015-473.NASL
description	flash-player was updated to fix one security issue. This security issue was fixed : - CVE-2015-5119: Unspecified vulnerability allowing remote attackers to take over the system (bsc#937339).
last seen	2020-06-05
modified	2015-07-09
plugin id	84629
published	2015-07-09
reporter	This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84629
title	openSUSE Security Update : flash-player (openSUSE-2015-473) (Underminer)

Packetstorm

data source	https://packetstormsecurity.com/files/download/132600/adobe_flash_hacking_team_uaf.rb.txt
id	PACKETSTORM:132600
last seen	2016-12-05
published	2015-07-08
reporter	sinn3r
source	https://packetstormsecurity.com/files/132600/Adobe-Flash-Player-ByteArray-Use-After-Free.html
title	Adobe Flash Player ByteArray Use After Free

Redhat

advisories

rhsa

id	RHSA-2015:1214

rpms

flash-plugin-0:11.2.202.481-1.el5
flash-plugin-0:11.2.202.481-1.el6_6

The Hacker News

id	THN:81AF218D527E626B7FE15454B68E5FF0
last seen	2018-01-27
modified	2015-07-12
published	2015-07-11
reporter	Swati Khandelwal
source	https://thehackernews.com/2015/07/hacking-flash-player-exploit.html
title	Second Flash Player Zero-day Exploit found in 'Hacking Team' Dump

id	THN:F6B79957FA6EFD8F9C60F4A8646CCE04
last seen	2018-01-27
modified	2015-07-09
published	2015-07-09
reporter	Wang Wei
source	https://thehackernews.com/2015/07/Hacking-Team-Flash-Zero-Day.html
title	Hacking Team Flash Zero-Day Linked to Cyber Attacks on South Korea and Japan

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Exploit-Db

Metasploit

Nessus

Packetstorm

Redhat

The Hacker News

Related news

References