Vulnerability Change Records for CVE-2015-5122

Change History

CVE Modified by MITRE 12/21/2016 9:59:58 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_opaque_background_uaf [No Types Assigned]
Added Reference

								
							
							
						
https://security.gentoo.org/glsa/201508-01 [No Types Assigned]

CVE Modified by Source 8/19/2016 10:0:03 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://marc.info/?l=bugtraq&m=145404611816294&w=2

CVE Modified by Source 8/22/2016 10:9:50 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://marc.info/?l=bugtraq&m=144050155601375&w=2

CVE Modified by Source 8/17/2015 10:2:14 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html
Added Reference

								
							
							
						
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html
Added Reference

								
							
							
						
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html
Added Reference

								
							
							
						
http://rhn.redhat.com/errata/RHSA-2015-1235.html
Added Reference

								
							
							
						
https://helpx.adobe.com/security/products/flash-player/apsb15-18.html

CVE Modified by Source 8/25/2015 10:2:50 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.us-cert.gov/ncas/alerts/TA15-195A

CVE Translated 7/16/2015 5:45:01 AM

Action Type Old Value New Value
Added Translation

								
							
							
						
Vulnerabilidad de uso después de liberación descubierta en la implementación de la clase DisplayObject en el ActionScript (AS3) en Adobe Flash Player 13.x hasta 13.0.0.302 en Windows y en OS X, 14.x hasta 18.0.0.203 en Windows y en OS X, 11.x hasta 11.2.202.481 en Linux, y en 12.x hasta 18.0.0.204 en las intalaciones de Google Chorme en Linux permite a atacantes remotos ejecutar código arbitrario o causar denegación de servicio (corrupción de memoria) hasta contenido Flash manipulado que aprovecha el manejo inadecuado de la propiedad opaqueBackground, tal y como fue utilizado activamente en julio de 2015.
Removed Translation
Vulnerabilidad de uso despues de liberacion descubierta en la implementación de la clase DisplayObject en el ActionScript (AS3) en Adobe Flash Player 13.x a traves de 13.0.0.302 en Windows y en OS X, 14.x a traves de 18.0.0.203 en Windows y en OS X, 11.x a traves de 11.2.202.481 en Linux, y en 12.x a traves de 18.0.0.204 en las intalaciones de Google Chorme en Linux permite a atacantes remotos ejecutar codigo arbitrario o causar denegacion de servicio (corrupcion de memoria) a traves de contenido Flash manipulado que aprovecha el manejo inadecuado de la propiedad opaqueBackground, tal y como fue utilizado activamente en julio de 2015.

								
						

Modified Analysis 7/14/2015 10:39:18 AM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
Configuration 1
     AND
          OR
               *cpe:2.3:a:adobe:flash_player:13.0.0.302:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.292:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.289:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.264:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.262:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.260:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.259:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.258:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.257:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.250:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.244:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.241:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.231:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.223:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.214:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.206:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.201:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.182:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:17.0.0.188:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:17.0.0.190:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:18.0.0.160:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:18.0.0.194:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:18.0.0.203:*:*:*:*:*:*:*
          OR
               cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
               cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
Configuration 2
     AND
          OR
               *cpe:2.3:a:adobe:flash_player:11.1:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.0.1.153:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.451:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.442:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.440:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.438:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.429:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.425:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.424:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.411:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.394:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.378:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.359:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.356:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.350:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.346:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.341:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.336:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.335:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.332:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.327:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.310:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.297:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.291:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.285:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.280:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.275:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.273:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.270:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.262:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.261:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.258:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.251:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.243:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.238:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.236:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.235:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.233:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.228:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.223:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.115.81:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.115.7:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.115.69:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.115.63:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.115.59:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.115.58:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.115.54:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.115.48:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.115.34:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.111.8:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.111.73:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.111.64:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.111.54:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.111.50:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.111.44:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.102.63:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.102.62:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.102.59:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.468:*:*:*:*:*:*:* (and previous)
               *cpe:2.3:a:adobe:flash_player:18.0.0.204:*:*:*:*:*:*:* (and previous)
          OR
               cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Added CVSS V2

								
							
							
						
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Added CWE

								
							
							
						
NVD-CWE-Other
Added Evaluator Description

								
							
							
						
<a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a>
Changed Reference Type
http://www.kb.cert.org/vuls/id/338736 US Govt Resource
http://www.kb.cert.org/vuls/id/338736 Advisory, US Govt Resource
Changed Reference Type
https://helpx.adobe.com/security/products/flash-player/apsa15-04.html No Types Assigned
https://helpx.adobe.com/security/products/flash-player/apsa15-04.html Advisory

CVE Modified by MITRE 11/28/2016 2:32:04 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.securityfocus.com/bid/75712 [No Types Assigned]

CVE Modified by MITRE 11/23/2018 12:29:01 AM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://perception-point.io/new/breaking-cfi.php [No Types Assigned]

CVE Modified by MITRE 4/16/2018 5:58:04 AM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://perception-point.io/2018/04/11/breaking-cfi-cve-2015-5122-coop/ [No Types Assigned]

CVE Modified by MITRE 12/07/2016 1:15:49 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467 [No Types Assigned]
Removed Reference
http://marc.info/?l=bugtraq&m=145404611816294&w=2 [No Types Assigned]

								
						

CVE Translated 7/17/2015 7:45:30 AM

Action Type Old Value New Value
Changed Translation
Vulnerabilidad en la implementaci&oacute;n ActionScript 3 en Adobe Flash Player (CVE-2015-5122)
la implementaci&oacute;n ActionScript 3 en Adobe Flash Player

Initial CVE Analysis 7/14/2015 10:29:59 AM

Action Type Old Value New Value

CVE Modified by Source 7/13/2016 9:59:04 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784

CVE Modified by MITRE 12/27/2016 9:59:22 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html [No Types Assigned]
Added Reference

								
							
							
						
http://www.securitytracker.com/id/1032890 [No Types Assigned]
Added Reference

								
							
							
						
https://www.exploit-db.com/exploits/37599/ [No Types Assigned]