CVE-2015-5119
Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
Vulnerability Description
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
Affected Platforms (CPE)
📦
Adobe
Flash Player
>= 13.0.0.182 and <= 13.0.0296📦
Adobe
Flash Player
>= 14.0.0.125 and <= 18.0.0.194📦
Adobe
Flash Player
<= 11.2.202.468💻
Redhat
Enterprise Linux Desktop
= 5.0💻
Redhat
Enterprise Linux Desktop
= 6.0💻
Redhat
Enterprise Linux Eus
= 6.6💻
Redhat
Enterprise Linux Server
= 5.0💻
Redhat
Enterprise Linux Server
= 6.0💻
Redhat
Enterprise Linux Server Aus
= 6.6💻
Redhat
Enterprise Linux Server From Rhui
= 5.0💻
Redhat
Enterprise Linux Server From Rhui
= 6.0💻
Redhat
Enterprise Linux Workstation
= 5.0💻
Redhat
Enterprise Linux Workstation
= 6.0💻
Opensuse
Evergreen
= 11.4💻
Opensuse
Opensuse
= 13.1💻
Opensuse
Opensuse
= 13.2💻
Suse
Linux Enterprise Desktop
= 11💻
Suse
Linux Enterprise Desktop
= 11💻
Suse
Linux Enterprise Desktop
= 12💻
Suse