vendor:
Flash Player
by:
bilou, Unknown, hdarwin, juan vazquez
7.5
CVSS
HIGH
Use-After-Free
416
CWE
Product Name: Flash Player
Affected Version From: Flash 17.0.0.0
Affected Version To: Flash 17.0.0.134
Patch Exists: YES
Related CWE: CVE-2015-0359
CPE: a:adobe:flash_player
Metasploit:
https://www.rapid7.com/db/vulnerabilities/suse-cve-2015-0359/, https://www.rapid7.com/db/vulnerabilities/adobe-air-cve-2015-0359/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2015-0813/, https://www.rapid7.com/db/vulnerabilities/adobe-air-cve-2015-0346/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2015-0346/, https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2015-0346/, https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2015-0359/, https://www.rapid7.com/db/vulnerabilities/adobe-flash-apsb15-06-cve-2015-0346/, https://www.rapid7.com/db/vulnerabilities/adobe-flash-apsb15-06-cve-2015-0359/
Platforms Tested: Windows 7 SP1 (32-bit), IE 8 and IE11
2015
Adobe Flash Player domainMemory ByteArray Use After Free
This module exploits a use-after-free vulnerability in Adobe Flash Player. The vulnerability occurs when the ByteArray assigned to the current ApplicationDomain is freed from an ActionScript worker, when forcing a reallocation by copying more contents than the original capacity, but Flash forgets to update the domainMemory pointer, leading to a use-after-free situation when the main worker references the domainMemory again. This module has been tested successfully on Windows 7 SP1 (32-bit), IE 8 and IE11 with Flash 17.0.0.134.
Mitigation:
Apply the latest security updates from Adobe