Vulnerability Change Records for CVE-2015-5119

Change History

Modified Analysis 9/10/2015 12:11:56 PM

Action Type Old Value New Value
Changed Reference Type
http://www.us-cert.gov/ncas/alerts/TA15-195A US Govt Resource
http://www.us-cert.gov/ncas/alerts/TA15-195A Advisory, US Govt Resource

Initial CVE Analysis 7/09/2015 10:39:10 AM

Action Type Old Value New Value

Modified Analysis 7/13/2015 3:38:55 PM

Action Type Old Value New Value
Changed CPE Configuration
Configuration 1
     AND
          OR
               *cpe:2.3:a:adobe:flash_player:11.2.202.468:*:*:*:*:*:*:* (and previous)
          OR
               cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Configuration 2
     AND
          OR
               *cpe:2.3:a:adobe:flash_player:13.0.0.292:*:*:*:*:*:*:* (and previous)
               *cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:17.0.0.188:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:18.0.0.161:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:18.0.0.194:*:*:*:*:*:*:*
          OR
               cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
               cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
Configuration 1
     AND
          OR
               *cpe:2.3:a:adobe:flash_player:13.0.0.292:*:*:*:*:*:*:* (and previous)
               *cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:17.0.0.188:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:18.0.0.161:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:18.0.0.194:*:*:*:*:*:*:*
          OR
               cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
               cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
Configuration 2
     AND
          OR
               *cpe:2.3:a:adobe:flash_player:11.2.202.468:*:*:*:*:*:*:* (and previous)
          OR
               cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Changed Reference Type
https://helpx.adobe.com/security/products/flash-player/apsb15-16.html No Types Assigned
https://helpx.adobe.com/security/products/flash-player/apsb15-16.html Advisory, Patch

CVE Modified by Adobe Systems Incorporated 11/28/2016 2:32:03 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.securityfocus.com/bid/75568 [No Types Assigned]

CVE Modified by Source 7/10/2015 9:59:02 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://helpx.adobe.com/security/products/flash-player/apsb15-16.html

CVE Modified by Source 8/25/2015 10:2:48 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.us-cert.gov/ncas/alerts/TA15-195A

CVE Modified by Adobe Systems Incorporated 1/19/2017 9:59:03 PM

Action Type Old Value New Value
Changed Description
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a ValueOf function, as exploited in the wild in July 2015.
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.

CVE Modified by Adobe Systems Incorporated 12/21/2016 9:59:58 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_hacking_team_uaf [No Types Assigned]
Added Reference

								
							
							
						
https://security.gentoo.org/glsa/201507-13 [No Types Assigned]

CVE Modified by Adobe Systems Incorporated 12/15/2016 9:59:03 PM

Action Type Old Value New Value
Changed Description
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a ValueOf function, as exploited in the wild in July 2015.
Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.

CVE Modified by Adobe Systems Incorporated 12/27/2016 9:59:22 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00015.html [No Types Assigned]
Added Reference

								
							
							
						
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00016.html [No Types Assigned]
Added Reference

								
							
							
						
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html [No Types Assigned]
Added Reference

								
							
							
						
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html [No Types Assigned]
Added Reference

								
							
							
						
http://rhn.redhat.com/errata/RHSA-2015-1214.html [No Types Assigned]
Added Reference

								
							
							
						
http://www.securitytracker.com/id/1032809 [No Types Assigned]