Vulnerability Note VU#918568
Adobe Flash ActionScript 3 BitmapData memory corruption vulnerability
Adobe Flash Player contains a vulnerability in the ActionScript 3 BitmapData object, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Adobe Flash Player versions 9.0 through version 18.104.22.168 contain amemory corruption vulnerability in the AS3 BitmapData class. Proof-of-concept exploit code for this vulnerability is publicly available.
Please see Adobe Security Bulletin APSA15-04 for more details about affected Flash versions.
An attacker may be able to execute arbitrary code in the context of the user running Flash Player. Attacks typically involve enticing a user to visit a web site containing specially-crafted Flash content, or to open a specially-crafted Microsoft Office document.
Apply an update
Do not run untrusted Flash content
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Adobe||Affected||-||12 Jul 2015|
CVSS Metrics (Learn More)
This vulnerability was reported by TrendMicro, based on the HackingTeam leak.
This document was written by Will Dormann.
- CVE IDs: CVE-2015-5123
- Date Public: 05 Jul 2015
- Date First Published: 12 Jul 2015
- Date Last Updated: 14 Jul 2015
- Document Revision: 19
If you have feedback, comments, or additional information about this vulnerability, please send us email.