Vulnerability Note VU#561288
Adobe Flash ActionScript 3 ByteArray use-after-free vulnerability
Adobe Flash Player contains a vulnerability in the ActionScript 3 ByteArray class, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Adobe Flash Player versions 9.0 through version 18.104.22.168 contain a use-after-free vulnerability in the AS3 ByteArray class. This can allow attacker-controlled memory corruption. Exploit code for this vulnerability is publicly available.
An attacker can execute arbitrary code in the context of the user running Flash Player. Attacks typically involve enticing a user to visit a web site containing specially-crafted Flash content, or to open a specially-crafted Microsoft Office document.
Apply an update
This issue is addressed in Flash Player Desktop 22.214.171.124. Please see Adobe Security Bulletin APSB15-16 for more details and fix versions for other platforms.
Do not run untrusted Flash content
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Adobe||Affected||06 Jul 2015||08 Jul 2015|
CVSS Metrics (Learn More)
This vulnerability was discovered by HackingTeam.
This document was written by Will Dormann.
- CVE IDs: CVE-2015-5119
- Date Public: 05 Jul 2015
- Date First Published: 07 Jul 2015
- Date Last Updated: 11 Jul 2015
- Document Revision: 37
If you have feedback, comments, or additional information about this vulnerability, please send us email.