CVE-2015-7657
Description
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via crafted actionCallMethod arguments, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7658, CVE-2015-7660, CVE-2015-7661, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Use-after-free in Adobe Flash Player allows remote code execution via crafted actionCallMethod arguments.
Vulnerability
A use-after-free vulnerability exists in Adobe Flash Player's actionCallMethod opcode. Affected versions include Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X, and before 11.2.202.548 on Linux, as well as Adobe AIR before 19.0.0.241, AIR SDK before 19.0.0.241, and AIR SDK & Compiler before 19.0.0.241 [1][2][3][4]. This CVE is one of several similar use-after-free issues disclosed at the same time.
Exploitation
An attacker can exploit this vulnerability by crafting a malicious SWF file that passes specially manipulated arguments to the actionCallMethod opcode. The attacker must convince a user to visit a malicious webpage or open a malicious file; no additional authentication or network privileges are required [3]. The flaw lies in the improper handling of object references, which leaves a dangling pointer that is used again after the object it refers to has been freed.
Impact
Successful exploitation allows an attacker to execute arbitrary code within the context of the current user's browser or application process [3]. This can lead to full control of the affected system, including the ability to install programs, view, change, or delete data, or create new accounts with full user rights.
Mitigation
Adobe released fixed versions: Flash Player 18.0.0.261 and 19.0.0.245 for Windows/OS X, 11.2.202.548 for Linux, and AIR 19.0.0.241 [1][2][4]. Red Hat and Gentoo advisories recommend updating to these versions [1][2][4]. No workaround exists; users should apply updates immediately.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (14)
cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:air:*:*:*:*:*:*:*:* (range: <=19.0.0.190)
- (no CPE) (range: <19.0.0.241)
cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:air_sdk_\&_compiler:*:*:*:*:*:*:*:* (range: <=19.0.0.213)
- (no CPE) (range: <19.0.0.241)
cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* (range: <=18.0.0.255)
- cpe:2.3:a:adobe:flash_player:19.0.0.185:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:19.0.0.207:*:*:*:*:*:*:*
- cpe:2.3:a:adobe:flash_player:19.0.0.226:*:*:*:*:*:*:*
- Range: <18.0.0.261 (Windows/OS X), <19.0.0.245 (19.x), <11.2.202.548 (Linux)
osv-coords (4 versions)
- pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP3
- pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2011%20SP4
- pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Desktop%2012
- pkg:rpm/suse/flash-player&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012
Ranges:
- (no CPE) (range: < 11.2.202.548-0.26.1)
- (no CPE) (range: < 11.2.202.548-0.26.1)
- (no CPE) (range: < 11.2.202.548-111.1)
- (no CPE) (range: < 11.2.202.548-111.1)
Patches
No patches discovered yet.
References (8)
- helpx.adobe.com/security/products/flash-player/apsb15-28.html (nvd; Patch, Vendor Advisory)
- lists.opensuse.org/opensuse-updates/2015-11/msg00071.html (nvd)
- rhn.redhat.com/errata/RHSA-2015-2023.html (nvd)
- rhn.redhat.com/errata/RHSA-2015-2024.html (nvd)
- www.securityfocus.com/bid/77533 (nvd)
- www.securitytracker.com/id/1034111 (nvd)
- www.zerodayinitiative.com/advisories/ZDI-15-567 (nvd)
- security.gentoo.org/glsa/201511-02 (nvd)