CVE-2015-5122

Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions 11.x through 11.2.202.481 Adobe Flash Player versions 12.x through 18.0.0.204 Adobe Flash Player versions 13.x through 13.0.0.302 Adobe Flash Player versions 14.x through 18.0.0.203

Description The issue is related to a use-after-free vulnerability in the DisplayObject class in the ActionScript 3 implementation. This vulnerability allows remote attackers to execute arbitrary code or cause a denial of service via crafted Flash content that leverages improper handling of the opaqueBackground property. The vulnerability has been exploited in the wild.

Recommendations For Adobe Flash Player versions 11.x through 11.2.202.481, update to a version later than 11.2.202.481 to resolve the issue. For Adobe Flash Player versions 12.x through 18.0.0.204, update to a version later than 18.0.0.204 to resolve the issue. For Adobe Flash Player versions 13.x through 13.0.0.302, update to a version later than 13.0.0.302 to resolve the issue. For Adobe Flash Player versions 14.x through 18.0.0.203, update to a version later than 18.0.0.203 to resolve the issue. As a temporary workaround, consider disabling the use of crafted Flash content that leverages the opaqueBackground property until a patch is available.