CVE-2015-5122
Summary
| CVE | CVE-2015-5122 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-07-14 10:59:00 UTC |
| Updated | 2023-05-08 13:29:00 UTC |
| Description | Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015. |
Risk And Classification
EPSS: 0.927800000 probability, percentile 0.997570000 (date 2026-04-01)
CISA KEV: Listed on 2022-04-13; due 2022-05-04; ransomware use Unknown
Problem Types: NVD-CWE-Other
CISA Known Exploited Vulnerability
| Vendor | Adobe |
|---|---|
| Product | Flash Player |
| Name | Adobe Flash Player Use-After-Free Vulnerability |
| Required Action | The impacted product is end-of-life and should be disconnected if still in use. |
| Notes | https://nvd.nist.gov/vuln/detail/CVE-2015-5122 |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Adobe | Flash Player | All | All | All | All |
| Application | Adobe | Flash Player Desktop Runtime | All | All | All | All |
| Operating System | Apple | Macos | - | All | All | All |
| Operating System | Apple | Mac Os | - | All | All | All |
| Operating System | Linux | Linux Kernel | - | All | All | All |
| Operating System | Microsoft | Windows | - | All | All | All |
| Operating System | Microsoft | Windows 8 | - | All | All | All |
| Operating System | Microsoft | Windows 8.0 | - | All | All | All |
| Operating System | Microsoft | Windows 8.1 | - | All | All | All |
| Operating System | Opensuse | Evergreen | 11.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 6.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 5.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All |
| Operating System | Suse | Linux Enterprise Desktop | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Desktop | 11 | sp4 | All | All |
| Operating System | Suse | Linux Enterprise Desktop | 12 | All | All | All |
| Operating System | Suse | Linux Enterprise Workstation Extension | 12 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Adobe Flash Player Use-After-Free Memory Flaw Lets Remote Users Execute Arbitrary Code - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| [security-announce] openSUSE-SU-2015:1267-1: critical: flash-player | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Third Party Advisory |
| Page not found - Perception Point | MISC | perception-point.io | Third Party Advisory |
| [security-announce] SUSE-SU-2015:1258-1: critical: Security update for f | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| Adobe Flash opaqueBackground Use After Free - Exploits Database | EXPLOIT-DB | www.exploit-db.com | Third Party Advisory, VDB Entry |
| '[security bulletin] HPSBMU03409 rev.1 - HP Matrix Operating Environment, Multiple Vulnerabilities' - MARC | HP | marc.info | Mailing List, Third Party Advisory |
| Adobe Flash and Microsoft Windows Vulnerabilities \| US-CERT | CERT | www.us-cert.gov | Third Party Advisory, US Government Resource |
| Gentoo Security | GENTOO | security.gentoo.org | Third Party Advisory |
| Adobe Security Bulletin | CONFIRM | helpx.adobe.com | Vendor Advisory |
| Document Display \| HPE Support Center | CONFIRM | h20564.www2.hpe.com | Third Party Advisory |
| Adobe Security Bulletin | CONFIRM | helpx.adobe.com | Vendor Advisory |
| CVE-2015-5122 - Second Adobe Flash Zero-Day in HackingTeam Leak « Threat Research \| FireEye Inc | MISC | www.fireeye.com | Third Party Advisory |
| Adobe Flash opaqueBackground Use After Free ≈ Packet Storm | MISC | packetstormsecurity.com | Third Party Advisory, VDB Entry |
| CVE-2015-5122 Adobe Flash opaqueBackground Use After Free \| Rapid7 | MISC | www.rapid7.com | Third Party Advisory |
| Vulnerability Note VU#338736 - Adobe Flash ActionScript 3 opaqueBackground use-after-free vulnerability | CERT-VN | www.kb.cert.org | Third Party Advisory, US Government Resource |
| Adobe Flash Player CVE-2015-5122 Use After Free Remote Memory Corruption Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| [security-announce] SUSE-SU-2015:1255-1: critical: Security update for f | SUSE | lists.opensuse.org | Mailing List, Third Party Advisory |
| Perception Point \| Breaking CFI | MISC | perception-point.io | Third Party Advisory |
| HPSBHF03509 | HP | h20564.www2.hp.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.