| Revision Date: | 2016-05-27 | Version: | 42 |
| Title: | Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 and 14.x through 18.0.0.203 - CVE-2015-5122 |
| Description: | Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015. |
| Family: | windows | Class: | vulnerability |
| Status: | ACCEPTED | Reference(s): | CVE-2015-5122
|
| Platform(s): | Microsoft Windows 10
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows 8.1
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
Microsoft Windows Vista
Microsoft Windows XP
| Product(s): | ActiveX Control
Adobe Flash Player
Google Chrome
Pepper Flash
|
| Definition Synopsis |
| Check if Adobe Flash Player + vulnerable version Adobe Flash Player is installed
AND Check if vulnerable version of Adobe Flash Player is installed
Check if the Adobe Flash Player is less than 13.0.0.309
OR Adobe Flash Player 14 is installed
OR Adobe Flash Player 15 is installed
OR Adobe Flash Player 16 is installed
OR Adobe Flash Player 17 is installed
OR Vulnerable version of Adobe Flash Player 18 is installed
Check if the Adobe Flash version is less than 18.0.0.209
AND Adobe Flash Player 18 is installed
OR Google Check pepperflash version for Google Chrome
Google Chrome is installed
AND Check if the version of Pepper Flash Player for Google Chrome is less than 18.0.0.209
OR Check if the version of ActiveX Control is less than 18.0.0.209
|