Vulnerability Change Records for CVE-2015-5122

Change History

CVE Modified by Source 7/13/2016 9:59:04 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784

CVE Modified by Source 8/25/2015 10:2:50 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.us-cert.gov/ncas/alerts/TA15-195A

CVE Modified by MITRE 11/23/2018 12:29:01 AM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://perception-point.io/new/breaking-cfi.php [No Types Assigned]

CVE Modified by MITRE 12/21/2016 9:59:58 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_opaque_background_uaf [No Types Assigned]
Added Reference

								
							
							
						
https://security.gentoo.org/glsa/201508-01 [No Types Assigned]

CVE Modified by Source 8/22/2016 10:9:50 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://marc.info/?l=bugtraq&m=144050155601375&w=2

CVE Translated 7/17/2015 7:45:30 AM

Action Type Old Value New Value
Changed Translation
Vulnerabilidad en la implementación ActionScript 3 en Adobe Flash Player (CVE-2015-5122)
la implementación ActionScript 3 en Adobe Flash Player

CVE Modified by MITRE 4/16/2018 5:58:04 AM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://perception-point.io/2018/04/11/breaking-cfi-cve-2015-5122-coop/ [No Types Assigned]

Initial CVE Analysis 7/14/2015 10:29:59 AM

Action Type Old Value New Value

CVE Modified by MITRE 12/27/2016 9:59:22 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html [No Types Assigned]
Added Reference

								
							
							
						
http://www.securitytracker.com/id/1032890 [No Types Assigned]
Added Reference

								
							
							
						
https://www.exploit-db.com/exploits/37599/ [No Types Assigned]

CVE Translated 7/16/2015 5:45:01 AM

Action Type Old Value New Value
Added Translation

								
							
							
						
Vulnerabilidad de uso después de liberación descubierta en la implementación de la clase DisplayObject en el ActionScript (AS3) en Adobe Flash Player 13.x hasta 13.0.0.302 en Windows y en OS X, 14.x hasta 18.0.0.203 en Windows y en OS X, 11.x hasta 11.2.202.481 en Linux, y en 12.x hasta 18.0.0.204 en las intalaciones de Google Chorme en Linux permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (corrupción de memoria) hasta contenido Flash manipulado que aprovecha el manejo inadecuado de la propiedad opaqueBackground, tal y como fue utilizado activamente en julio de 2015.
Removed Translation
Vulnerabilidad de uso despues de liberacion descubierta en la implementación de la clase DisplayObject en el ActionScript (AS3) en Adobe Flash Player 13.x a traves de 13.0.0.302 en Windows y en OS X, 14.x a traves de 18.0.0.203 en Windows y en OS X, 11.x a traves de 11.2.202.481 en Linux, y en 12.x a traves de 18.0.0.204 en las intalaciones de Google Chorme en Linux permite a atacantes remotos ejecutar codigo arbitrario o causar denegacion de servicio (corrupcion de memoria) a traves de contenido Flash manipulado que aprovecha el manejo inadecuado de la propiedad opaqueBackground, tal y como fue utilizado activamente en julio de 2015.

								
						

Modified Analysis 8/19/2019 11:51:26 AM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
AND
     OR
          *cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* versions from (including) 11.0 up to (including) 11.2.202.481
     OR
          cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
AND
     OR
          *cpe:2.3:a:adobe:flash_player:*:*:*:*:esr:*:*:* versions from (including) 13.0 up to (including) 13.0.0.302
          *cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:* versions from (including) 18.0 up to (including) 18.0.0.203
          *cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:* versions from (including) 18.0 up to (including) 18.0.0.203
     OR
          cpe:2.3:o:apple:mac_os:-:*:*:*:*:*:*:*
          cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*
     *cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*
     *cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*
     *cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*
     *cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
     *cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Changed CPE Configuration
AND
     OR
          *cpe:2.3:a:adobe:flash_player:13.0.0.182:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:13.0.0.201:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:13.0.0.206:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:13.0.0.214:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:13.0.0.223:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:13.0.0.231:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:13.0.0.241:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:13.0.0.244:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:13.0.0.250:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:13.0.0.257:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:13.0.0.258:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:13.0.0.259:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:13.0.0.260:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:13.0.0.262:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:13.0.0.264:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:13.0.0.289:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:13.0.0.292:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:13.0.0.302:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:17.0.0.188:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:17.0.0.190:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:18.0.0.160:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:18.0.0.194:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:18.0.0.203:*:*:*:*:*:*:*
     OR
          cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
          cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
AND
     OR
          *cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:* versions from (including) 18.0 up to (including) 18.0.0.204
     OR
          cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Changed CPE Configuration
AND
     OR
          *cpe:2.3:a:adobe:flash_player:11.0.1.153:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.1:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.1.102.59:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.1.102.62:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.1.102.63:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.1.111.8:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.1.111.44:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.1.111.50:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.1.111.54:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.1.111.64:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.1.111.73:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.1.115.7:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.1.115.34:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.1.115.48:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.1.115.54:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.1.115.58:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.1.115.59:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.1.115.63:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.1.115.69:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.1.115.81:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.223:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.228:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.233:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.235:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.236:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.238:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.243:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.251:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.258:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.261:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.262:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.270:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.273:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.275:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.280:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.285:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.291:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.297:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.310:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.327:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.332:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.335:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.336:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.341:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.346:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.350:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.356:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.359:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.378:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.394:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.411:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.424:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.425:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.429:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.438:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.440:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.442:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:11.2.202.451:*:*:*:*:*:*:*
          *cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* versions up to (including) 11.2.202.468
          *cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:* versions up to (including) 18.0.0.204
     OR
          cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
AND
     OR
          *cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_10:*:* versions from (including) 18.0 up to (including) 18.0.0.203
          *cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_11:*:* versions from (including) 18.0 up to (including) 18.0.0.203
     OR
          cpe:2.3:o:microsoft:windows_8.0:-:*:*:*:*:*:*:*
          cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
Changed Evaluator Description
<a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a>
<a href="http://cwe.mitre.org/data/definitions/416.html" rel="nofollow">CWE-416: Use After Free</a>
Changed Reference Type
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html No Types Assigned
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html Mailing List, Third Party Advisory
Changed Reference Type
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html No Types Assigned
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html Mailing List, Third Party Advisory
Changed Reference Type
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html No Types Assigned
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html Mailing List, Third Party Advisory
Changed Reference Type
http://marc.info/?l=bugtraq&m=144050155601375&w=2 No Types Assigned
http://marc.info/?l=bugtraq&m=144050155601375&w=2 Mailing List, Third Party Advisory
Changed Reference Type
http://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html No Types Assigned
http://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html Third Party Advisory, VDB Entry
Changed Reference Type
http://rhn.redhat.com/errata/RHSA-2015-1235.html No Types Assigned
http://rhn.redhat.com/errata/RHSA-2015-1235.html Third Party Advisory
Changed Reference Type
http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_opaque_background_uaf No Types Assigned
http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_opaque_background_uaf Third Party Advisory
Changed Reference Type
http://www.securityfocus.com/bid/75712 No Types Assigned
http://www.securityfocus.com/bid/75712 Third Party Advisory, VDB Entry
Changed Reference Type
http://www.securitytracker.com/id/1032890 No Types Assigned
http://www.securitytracker.com/id/1032890 Third Party Advisory, VDB Entry
Changed Reference Type
http://www.us-cert.gov/ncas/alerts/TA15-195A US Government Resource
http://www.us-cert.gov/ncas/alerts/TA15-195A Third Party Advisory, US Government Resource
Changed Reference Type
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784 No Types Assigned
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784 Third Party Advisory
Changed Reference Type
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467 No Types Assigned
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467 Third Party Advisory
Changed Reference Type
https://helpx.adobe.com/security/products/flash-player/apsb15-18.html No Types Assigned
https://helpx.adobe.com/security/products/flash-player/apsb15-18.html Vendor Advisory
Changed Reference Type
https://perception-point.io/2018/04/11/breaking-cfi-cve-2015-5122-coop/ No Types Assigned
https://perception-point.io/2018/04/11/breaking-cfi-cve-2015-5122-coop/ Third Party Advisory
Changed Reference Type
https://perception-point.io/new/breaking-cfi.php No Types Assigned
https://perception-point.io/new/breaking-cfi.php Third Party Advisory
Changed Reference Type
https://security.gentoo.org/glsa/201508-01 No Types Assigned
https://security.gentoo.org/glsa/201508-01 Third Party Advisory
Changed Reference Type
https://www.exploit-db.com/exploits/37599/ No Types Assigned
https://www.exploit-db.com/exploits/37599/ Third Party Advisory, VDB Entry
Changed Reference Type
https://www.fireeye.com/blog/threat-research/2015/07/cve-2015-5122_-_seco.html No Types Assigned
https://www.fireeye.com/blog/threat-research/2015/07/cve-2015-5122_-_seco.html Third Party Advisory

CVE Modified by Source 8/19/2016 10:0:03 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://marc.info/?l=bugtraq&m=145404611816294&w=2

CVE Modified by MITRE 11/28/2016 2:32:04 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.securityfocus.com/bid/75712 [No Types Assigned]

CVE Modified by Source 8/17/2015 10:2:14 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html
Added Reference

								
							
							
						
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html
Added Reference

								
							
							
						
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html
Added Reference

								
							
							
						
http://rhn.redhat.com/errata/RHSA-2015-1235.html
Added Reference

								
							
							
						
https://helpx.adobe.com/security/products/flash-player/apsb15-18.html

CVE Modified by MITRE 12/07/2016 1:15:49 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467 [No Types Assigned]
Removed Reference
http://marc.info/?l=bugtraq&m=145404611816294&w=2 [No Types Assigned]