CVE-2015-5123

Name of the Vulnerable Software and Affected Versions Adobe Flash Player versions 11.x through 11.2.202.481 Adobe Flash Player versions 12.x through 18.0.0.204 Adobe Flash Player versions 13.x through 13.0.0.302 Adobe Flash Player versions 14.x through 18.0.0.203

Description The issue is related to a use-after-free vulnerability in the BitmapData class in the ActionScript 3 implementation. This vulnerability can be exploited by remote attackers to execute arbitrary code or cause a denial of service via crafted Flash content that overrides a valueOf function. The vulnerability was exploited in the wild in July 2015.

Recommendations For Adobe Flash Player versions 11.x through 11.2.202.481, update to a version that contains a fix for this issue. For Adobe Flash Player versions 12.x through 18.0.0.204, update to a version that contains a fix for this issue. For Adobe Flash Player versions 13.x through 13.0.0.302, update to a version that contains a fix for this issue. For Adobe Flash Player versions 14.x through 18.0.0.203, update to a version that contains a fix for this issue. As a temporary workaround, consider disabling the use of crafted Flash content that overrides the valueOf function until a patch is available.