Vulnerability Change Records for CVE-2015-5123

Change History

CVE Modified by Source 8/25/2015 10:2:51 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.us-cert.gov/ncas/alerts/TA15-195A

CVE Modified by Source 8/17/2015 10:2:17 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html
Added Reference

								
							
							
						
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html
Added Reference

								
							
							
						
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html
Added Reference

								
							
							
						
http://rhn.redhat.com/errata/RHSA-2015-1235.html
Added Reference

								
							
							
						
https://helpx.adobe.com/security/products/flash-player/apsb15-18.html

CVE Modified by Source 7/13/2016 9:59:05 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784

CVE Translated 7/17/2015 7:45:19 AM

Action Type Old Value New Value
Changed Translation
Vulnerabilidad en la implementación ActionScript 3 en Adobe Flash Player (CVE-2015-5123)
la implementación ActionScript 3 en Adobe Flash Player

CVE Modified by MITRE 11/28/2016 2:32:06 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.securityfocus.com/bid/75710 [No Types Assigned]

CVE Modified by MITRE 12/27/2016 9:59:22 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://www.securitytracker.com/id/1032890 [No Types Assigned]

CVE Modified by Source 8/22/2016 10:9:51 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
http://marc.info/?l=bugtraq&m=144050155601375&w=2

Initial CVE Analysis 7/14/2015 10:42:07 AM

Action Type Old Value New Value

CVE Modified by MITRE 1/19/2017 9:59:03 PM

Action Type Old Value New Value
Changed Description
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a ValueOf function, as exploited in the wild in July 2015.
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.

Modified Analysis 7/14/2015 11:10:58 AM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
Configuration 1
     AND
          OR
               *cpe:2.3:a:adobe:flash_player:11.1:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.0.1.153:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.451:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.442:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.440:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.438:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.429:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.425:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.424:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.411:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.394:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.378:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.359:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.356:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.350:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.346:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.341:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.336:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.335:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.332:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.327:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.310:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.297:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.291:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.285:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.280:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.275:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.273:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.270:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.262:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.261:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.258:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.251:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.243:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.238:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.236:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.235:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.233:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.228:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.223:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.115.81:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.115.7:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.115.69:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.115.63:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.115.59:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.115.58:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.115.54:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.115.48:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.115.34:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.111.8:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.111.73:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.111.64:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.111.54:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.111.50:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.111.44:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.102.63:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.102.62:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.1.102.59:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:11.2.202.468:*:*:*:*:*:*:* (and previous)
               *cpe:2.3:a:adobe:flash_player:18.0.0.204:*:*:*:*:*:*:* (and previous)
          OR
               cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
Configuration 2
     AND
          OR
               *cpe:2.3:a:adobe:flash_player:13.0.0.302:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.292:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.289:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.264:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.262:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.260:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.259:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.258:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.257:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.250:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.244:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.241:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.231:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.223:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.214:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.206:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.201:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:13.0.0.182:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:17.0.0.169:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:17.0.0.188:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:17.0.0.190:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:18.0.0.160:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:18.0.0.194:*:*:*:*:*:*:*
               *cpe:2.3:a:adobe:flash_player:18.0.0.203:*:*:*:*:*:*:* (and previous)
          OR
               cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
               cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
Added CVSS V2

								
							
							
						
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Added CWE

								
							
							
						
NVD-CWE-Other
Added Evaluator Description

								
							
							
						
<a href="http://cwe.mitre.org/data/definitions/416.html">CWE-416: Use After Free</a>
Changed Reference Type
http://www.kb.cert.org/vuls/id/918568 US Govt Resource
http://www.kb.cert.org/vuls/id/918568 Advisory, US Govt Resource
Changed Reference Type
https://helpx.adobe.com/security/products/flash-player/apsa15-04.html No Types Assigned
https://helpx.adobe.com/security/products/flash-player/apsa15-04.html Advisory

CVE Modified by MITRE 12/15/2016 9:59:03 PM

Action Type Old Value New Value
Changed Description
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a ValueOf function, as exploited in the wild in July 2015.
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.

CVE Translated 7/16/2015 5:45:00 AM

Action Type Old Value New Value
Added Translation

								
							
							
						
Vulnerabilidad de uso despu&eacute;s de liberaci&oacute;n descubierta en la implementaci&oacute;n de la clase BitmapData en el ActionScript (AS3) en Adobe Flash Player 13.x hasta 13.0.0.302 en Windows y en OS X, 14.x hasta 18.0.0.203 en Windows y en OS X, 11.x hasta 11.2.202.481 en Linux, y en 12.x hasta 18.0.0.204 en las intalaciones de Google Chorme en Linux permite a atacantes remotos ejecutar c&oacute;digo arbitrario o causar denegaci&oacute;n de servicio (corrupci&oacute;n de memoria) hasta contenido Flash manipulado que invalida un valor de funci&oacute;n, tal y como fue utilizado activamente en julio de 2015.
Removed Translation
Vulnerabilidad de uso despues de liberacion descubierta en la implementaci&oacute;n de la clase BitmapData en el ActionScript (AS3) en Adobe Flash Player 13.x a traves de 13.0.0.302 en Windows y en OS X, 14.x a traves de 18.0.0.203 en Windows y en OS X, 11.x a traves de 11.2.202.481 en Linux, y en 12.x a traves de 18.0.0.204 en las intalaciones de Google Chorme en Linux permite a atacantes remotos ejecutar codigo arbitrario o causar denegacion de servicio (corrupcion de memoria) a traves de contenido Flash manipulado que invalida un valor de funci&oacute;n, tal y como fue utilizado activamente en julio de 2015.

								
						

CVE Modified by MITRE 12/21/2016 9:59:58 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://security.gentoo.org/glsa/201508-01 [No Types Assigned]