Unrated severity · NVD Advisory · Published Oct 15, 2015 · Updated May 6, 2026

CVE-2015-7631

Description

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via a TextLine object with a crafted validity property, a different vulnerability than CVE-2015-7629, CVE-2015-7643, and CVE-2015-7644.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Adobe Flash Player use-after-free via TextLine validity property allows remote code execution.

Vulnerability

A use-after-free vulnerability exists in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X, and before 11.2.202.535 on Linux. The flaw resides in the handling of the TextLine object, specifically its validity property. By manipulating this property, an attacker can cause a dangling pointer to be used after the object it refers to has been freed, leading to memory corruption. Adobe AIR, AIR SDK, and AIR SDK & Compiler before version 19.0.0.213 are also affected [1][2][3].

Exploitation

Exploitation requires user interaction: the target must visit a malicious web page or open a specially crafted SWF file. The attacker can leverage a crafted TextLine object with a manipulated validity property to force the use of an already-freed memory region. This can be achieved without any special authentication or network position beyond the ability to deliver the malicious SWF content (e.g., via a website or email link) [3].

Impact

Successful exploitation allows an attacker to execute arbitrary code within the context of the current process (the Flash Player plugin). This could lead to full compromise of the affected system, including the ability to install programs, view, change, or delete data, or create new accounts with full user rights. The CVSS base score is 6.8 (medium severity) [3].

Mitigation

Adobe released updates fixing this vulnerability as part of APSB15-25, APSB15-27, and APSB15-28. The fixed versions are: Flash Player 18.0.0.252/19.0.0.207 (Windows/Mac), 11.2.202.535 (Linux), and AIR 19.0.0.213. Red Hat and Gentoo have also provided updated packages [1][2][4]. Users should upgrade to the latest versions immediately. No workaround other than disabling Flash or applying the patch is available [4].

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

12

References

11
