CVE-2015-7656

Vulnerability

A use-after-free vulnerability exists in Adobe Flash Player's actionImplementsOp method. By manipulating the arguments passed to this method, an attacker can cause a dangling pointer to be reused after it has been freed. This issue affects Flash Player versions before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X, versions before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, and Adobe AIR SDK and SDK & Compiler before 19.0.0.241 [2]. The vulnerability is reachable when processing crafted SWF content.

Exploitation

An attacker must convince a victim to visit a malicious web page or open a specially crafted SWF file, requiring user interaction [3]. No authentication or special network position is needed; the attack can be launched remotely. The exploit leverages crafted actionImplementsOp arguments to trigger the use-after-free, leading to control of the dangling pointer.

Impact

Successful exploitation allows an attacker to execute arbitrary code within the context of the current process (typically the user's browser or a Flash-enabled application) [3]. This can result in full compromise of the affected system, including data theft, installation of malware, or further privilege escalation.

Mitigation

Adobe released fixed versions on November 10, 2015: Flash Player 18.0.0.261, 19.0.0.245, 11.2.202.548, and AIR 19.0.0.241 [2]. Linux users should upgrade to >=www-plugins/adobe-flash-11.2.202.548 [4]. No workaround is available [4]. This vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.