Oval Definition:	oval:org.cisecurity:def:465
Revision Date: 2016-05-27 Version: 42 Title: Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 and 14.x through 18.0.0.203 - CVE-2015-5122 Description: Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015. Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2015-5122 Platform(s): Microsoft Windows 10 Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 Microsoft Windows Vista Microsoft Windows XP Product(s): ActiveX Control Adobe Flash Player Google Chrome Pepper Flash Definition Synopsis Check if Adobe Flash Player + vulnerable version Adobe Flash Player is installed AND Check if vulnerable version of Adobe Flash Player is installed Check if the Adobe Flash Player is less than 13.0.0.309 OR Adobe Flash Player 14 is installed OR Adobe Flash Player 15 is installed OR Adobe Flash Player 16 is installed OR Adobe Flash Player 17 is installed OR Vulnerable version of Adobe Flash Player 18 is installed Check if the Adobe Flash version is less than 18.0.0.209 AND Adobe Flash Player 18 is installed OR Google Check pepperflash version for Google Chrome Google Chrome is installed AND Check if the version of Pepper Flash Player for Google Chrome is less than 18.0.0.209 OR Check if the version of ActiveX Control is less than 18.0.0.209
BACK