Oval Definition:oval:org.cisecurity:def:458
Revision Date:2016-06-09Version:44
Title:Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows (CVE-2015-5123)
Description:Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a ValueOf function, as exploited in the wild in July 2015.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2015-5123
Platform(s):Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Microsoft Windows XP
Product(s):ActiveX Control
Adobe Flash Player
Pepper Flash
Definition Synopsis
  • Adobe Flash Player is installed + version (ESR)
  • Adobe Flash Player is installed
  • AND Check if Adobe Flash Player version is less than or equal to 13.0.0.302
  • OR Adobe Flash Player is installed + version
  • Adobe Flash Player is installed
  • AND Check for Adobe Flash Player version
  • Check if Adobe Flash Player version is less than or equal to 18.0.0.203
  • AND Check if Adobe Flash Player version is greater than or equal to 14.0.0.0
  • OR Pepper Flash for Google Chrome version
  • Google Chrome is installed
  • AND Check if Pepper Flash for Google Chrome version is less than or equal 18.0.0.203
  • OR ActiveX Control is installed + Flash*.ocx version
  • ActiveX Control is installed
  • AND Check for Flash*.ocx file version
  • Check for file version
  • Check if Flash*.ocx version is less than or equal to 13.0.0.302
  • AND Check if Flash*.ocx version is greater than or equal to 13.0.0.0
  • OR Check for file version
  • Check if Flash*.ocx version is less than or equal to to 18.0.0.203
  • AND Check if Flash*.ocx version is greater than or equal to 14.0.0.0
    • BACK