CISA KEV 정보
| 취약점명 | Adobe Flash Player Use-After-Free Vulnerability |
|---|---|
| 설명 | Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS). |
| 조치사항 | The impacted product is end-of-life and should be disconnected if still in use. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-416 |
| 등록일 (KEV) | 2022-04-13 |
| 조치 기한 | 2022-05-04 |
| 추가 참고 | https://nvd.nist.gov/vuln/detail/CVE-2015-5122 |
NVD 상세 정보
CVSS v3.1: 9.8 CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCVSS v2.0: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C설명: Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.
CWE: CWE-416 | CWE-416
참조
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html [Mailing List, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html [Mailing List, Third Party Advisory]
- http://marc.info/?l=bugtraq&m=144050155601375&w=2 [Mailing List, Third Party Advisory]
- http://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html [Exploit, Third Party Advisory, VDB Entry]
- http://rhn.redhat.com/errata/RHSA-2015-1235.html [Third Party Advisory]
- http://www.kb.cert.org/vuls/id/338736 [Third Party Advisory, US Government Resource]
- http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_opaque_background_uaf [Third Party Advisory]
- http://www.securityfocus.com/bid/75712 [Broken Link, Third Party Advisory, VDB Entry]
- http://www.securitytracker.com/id/1032890 [Broken Link, Third Party Advisory, VDB Entry]
- http://www.us-cert.gov/ncas/alerts/TA15-195A [Third Party Advisory, US Government Resource]
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784 [Broken Link, Third Party Advisory]
- https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467 [Third Party Advisory]
- https://helpx.adobe.com/security/products/flash-player/apsa15-04.html [Broken Link, Vendor Advisory]
- https://helpx.adobe.com/security/products/flash-player/apsb15-18.html [Broken Link, Vendor Advisory]
- ... 외 27건
This product uses the NVD API but is not endorsed or certified by the NVD.