VYPR
Unrated severity · NVD Advisory · Published Nov 11, 2015 · Updated May 6, 2026

CVE-2015-7661

Description

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via a crafted getBounds call, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CVE-2015-7663, CVE-2015-8042, CVE-2015-8043, CVE-2015-8044, and CVE-2015-8046.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A use-after-free vulnerability in Adobe Flash Player's getBounds method allows remote code execution via a crafted SWF file.

Vulnerability

CVE-2015-7661 is a use-after-free vulnerability in Adobe Flash Player affecting versions before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X, and before 11.2.202.548 on Linux. It also impacts Adobe AIR before 19.0.0.241 and related SDK versions [1]. The vulnerability resides in the getBounds method of ActionScript 2 (AS2) movies, where improper memory management can leave a dangling pointer that is used again after the memory it references has been freed [3].

Exploitation

To exploit this vulnerability, an attacker must craft a malicious SWF file that manipulates the AS2 stack and then calls the getBounds method, triggering a use-after-free condition. User interaction is required, as the target must visit a malicious web page or open the malicious file in a vulnerable Flash Player instance [3]. No additional authentication or network privileges are needed beyond enticing the user to load the content.

Impact

Successful exploitation allows an attacker to execute arbitrary code in the context of the current process, typically the web browser or Flash Player plugin. This can lead to full system compromise, including data theft, installation of malware, or further escalation of privileges [2][3]. The CVSS score is 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) [3].

Mitigation

Adobe released fixed versions: Flash Player 18.0.0.261 and 19.0.0.245 for Windows/OS X, and 11.2.202.548 for Linux; AIR 19.0.0.241 and corresponding SDK updates. Red Hat and Gentoo published security advisories urging immediate updates [1][2][4]. No known workaround exists; users should apply patches promptly.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

15

References

8
