Critical severity9.8CISA KEVNVD Advisory· Published Jul 14, 2015· Updated Apr 21, 2026
CVE-2015-5123
CVE-2015-5123
Description
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
Affected products
16cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*range: >=11.0,<=11.2.202.481
- cpe:2.3:a:adobe:flash_player:*:*:*:*:chrome:*:*:*range: >=18.0,<=18.0.0.203
- cpe:2.3:a:adobe:flash_player:*:*:*:*:esr:*:*:*range: >=13.0,<=13.0.0.302
- cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*Range: >=18.0,<=18.0.0.203
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
16- blog.trendmicro.com/trendlabs-security-intelligence/new-zero-day-vulnerability-cve-2015-5123-in-adobe-flash-emerges-from-hacking-team-leak/nvdBroken LinkThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.htmlnvdMailing ListThird Party Advisory
- marc.infonvdMailing ListThird Party Advisory
- rhn.redhat.com/errata/RHSA-2015-1235.htmlnvdThird Party Advisory
- www.kb.cert.org/vuls/id/918568nvdThird Party AdvisoryUS Government Resource
- www.securityfocus.com/bid/75710nvdBroken LinkThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1032890nvdBroken LinkThird Party AdvisoryVDB Entry
- www.us-cert.gov/ncas/alerts/TA15-195AnvdThird Party AdvisoryUS Government Resource
- h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplaynvdBroken LinkThird Party Advisory
- helpx.adobe.com/security/products/flash-player/apsa15-04.htmlnvdBroken LinkVendor Advisory
- helpx.adobe.com/security/products/flash-player/apsb15-18.htmlnvdBroken LinkVendor Advisory
- security.gentoo.org/glsa/201508-01nvdThird Party Advisory
- github.com/cisagov/vulnrichment/issues/196nvdIssue Tracking
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
News mentions
0No linked articles in our index yet.