1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Adobe Flash Player Heap-Based Buffer Overflow Vulnerability

Known Exploited Vulnerabilities CVE-2015-3113 Mappings

Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0.0.194 on Windows and OS X and before 11.2.202.468 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in June 2015.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2015-3113 Adobe Flash Player Heap-Based Buffer Overflow Vulnerability secondary_impact T1622 Debugger Evasion
Comments
This heap-based buffer overflow vulnerability is exploited by having a user open a maliciously-crafted file. In the wild, this exploitation has been used in order to establish command and control (over HTTP) with a target system. The command and control functionality has also been seen to employ debugging/sandboxing evasion.
References
  1. https://unit42.paloaltonetworks.com/ups-observations-on-cve-2015-3113-prior-zero-days-and-the-pirpi-payload/
  2. https://www.trendmicro.com/vinfo/us/threat-encyclopedia/vulnerability/4208/adobe-flash-player-heap-buffer-overflow-vulnerability-cve-2015-3113
CVE-2015-3113 Adobe Flash Player Heap-Based Buffer Overflow Vulnerability secondary_impact T1497 Virtualization/Sandbox Evasion
Comments
This heap-based buffer overflow vulnerability is exploited by having a user open a maliciously-crafted file. In the wild, this exploitation has been used in order to establish command and control (over HTTP) with a target system. The command and control functionality has also been seen to employ debugging/sandboxing evasion.
References
  1. https://unit42.paloaltonetworks.com/ups-observations-on-cve-2015-3113-prior-zero-days-and-the-pirpi-payload/
  2. https://www.trendmicro.com/vinfo/us/threat-encyclopedia/vulnerability/4208/adobe-flash-player-heap-buffer-overflow-vulnerability-cve-2015-3113
CVE-2015-3113 Adobe Flash Player Heap-Based Buffer Overflow Vulnerability primary_impact T1071.001 Web Protocols
Comments
This heap-based buffer overflow vulnerability is exploited by having a user open a maliciously-crafted file. In the wild, this exploitation has been used in order to establish command and control (over HTTP) with a target system. The command and control functionality has also been seen to employ debugging/sandboxing evasion.
References
  1. https://unit42.paloaltonetworks.com/ups-observations-on-cve-2015-3113-prior-zero-days-and-the-pirpi-payload/
  2. https://www.trendmicro.com/vinfo/us/threat-encyclopedia/vulnerability/4208/adobe-flash-player-heap-buffer-overflow-vulnerability-cve-2015-3113
CVE-2015-3113 Adobe Flash Player Heap-Based Buffer Overflow Vulnerability exploitation_technique T1204.002 Malicious File
Comments
This heap-based buffer overflow vulnerability is exploited by having a user open a maliciously-crafted file. In the wild, this exploitation has been used in order to establish command and control (over HTTP) with a target system. The command and control functionality has also been seen to employ debugging/sandboxing evasion.
References
  1. https://unit42.paloaltonetworks.com/ups-observations-on-cve-2015-3113-prior-zero-days-and-the-pirpi-payload/
  2. https://www.trendmicro.com/vinfo/us/threat-encyclopedia/vulnerability/4208/adobe-flash-player-heap-buffer-overflow-vulnerability-cve-2015-3113