vendor:
Flash Player
by:
Google Security Research
7.5
CVSS
HIGH
Use after free
416
CWE
Product Name: Flash Player
Affected Version From: Flash 17.0.0.169
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2015-3090
CPE: a:adobe:flash_player:17.0.0.169
Metasploit:
https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2015-3093/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2015-3078/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2015-3089/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2015-3093/, https://www.rapid7.com/db/vulnerabilities/adobe-air-cve-2015-3078/, https://www.rapid7.com/db/vulnerabilities/adobe-air-cve-2015-3090/, https://www.rapid7.com/db/vulnerabilities/adobe-air-cve-2015-3093/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2015-1005/, https://www.rapid7.com/db/vulnerabilities/adobe-air-cve-2015-3089/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2015-3090/, https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2015-3078/, https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2015-3089/, https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2015-3090/, https://www.rapid7.com/db/vulnerabilities/freebsd-vid-e206df57-f97b-11e4-b799-c485083ca99c/, https://www.rapid7.com/db/vulnerabilities/adobe-flash-apsb15-09-cve-2015-3078/, https://www.rapid7.com/db/vulnerabilities/adobe-flash-apsb15-09-cve-2015-3089/, https://www.rapid7.com/db/vulnerabilities/adobe-flash-apsb15-09-cve-2015-3090/, https://www.rapid7.com/db/vulnerabilities/adobe-flash-apsb15-09-cve-2015-3093/
Platforms Tested: Windows 7 SP1
2015
Use after free vulnerability in Adobe Flash Player
When setting the scrollRect attribute of a MovieClip in AS2 with a custom Rectangle, it is possible to free the MovieClip while a reference remains in the stack. This can be exploited by creating a TextField with the same depth as the targeted MovieClip, leading to a use after free vulnerability and potentially causing Flash to crash.
Mitigation:
Update to the latest version of Adobe Flash Player.