CVE-2015-0359
Description
Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0346.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X, and before 11.2.202.457 on Linux, has a double-free vulnerability that can lead to arbitrary code execution.
Vulnerability
A double-free vulnerability exists in Adobe Flash Player versions before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X, and before 11.2.202.457 on Linux [1][2]. The flaw is triggered via unspecified vectors, indicating that processing a specially crafted SWF file can cause the player to free the same memory region twice [1]. This vulnerability is distinct from CVE-2015-0346.
Exploitation
An attacker would need to deliver a malicious SWF file to the victim, for example through a compromised website or via a crafted advertisement. No special authentication or network position beyond the ability to serve the SWF is required. The victim must visit the malicious page or open the file in a browser or application that uses the vulnerable Flash Player. The exploit sequence involves triggering the double-free condition during Flash Player's handling of the SWF content.
Impact
Successful exploitation allows arbitrary code execution in the context of the affected Flash Player process [1][2]. An attacker could potentially install programs, view, change, or delete data, or create new accounts with full user rights. The impact is limited only by the privileges of the account under which the Flash Player runs.
Mitigation
Adobe released fixed versions: Flash Player 13.0.0.281 and 17.0.0.169 for Windows and OS X, and 11.2.202.457 for Linux [1]. Users should upgrade to these versions or later. Red Hat and Gentoo have released updated packages (e.g., RHSA-2015:0813 and GLSA 201504-07) [2]. If upgrading is not immediately possible, the only known workaround is to disable or remove the Flash Player plugin.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* (range: <=13.0.0.264)
- cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*
- (no CPE) range: <17.0.0.169
- osv-coords (2 versions):
  - pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012
  - pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
- (no CPE) range: < 11.2.202.457-80.1
- (no CPE) range: < 11.2.202.457-80.1
References
- helpx.adobe.com/security/products/flash-player/apsb15-06.html (nvd; Patch, Vendor Advisory)
- lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html (nvd)
- rhn.redhat.com/errata/RHSA-2015-0813.html (nvd)
- www.securityfocus.com/bid/74067 (nvd)
- www.securitytracker.com/id/1032105 (nvd)
- security.gentoo.org/glsa/201504-07 (nvd)