Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2015-5119 | Adobe Flash Player Use-After-Free Vulnerability | secondary_impact | T1071.001 | Web Protocols |
Comments
To exploit this vulnerability, adversaries sent spearphishing emails with URLs to webpages with maliciously crafted javascript. The adversaries then download a payload.
References
|
| CVE-2015-5119 | Adobe Flash Player Use-After-Free Vulnerability | secondary_impact | T1055.001 | Dynamic-link Library Injection |
Comments
This vulnerability has been exploited in the wild by multiple different threat actors. Threat groups send phishing emails with URLs where maliciously-crafted javascript is hosted. This CVE has many mappable exploitation techniques and impacts.
These adversaries using this exploit to deliver malicious payloads to the target machines establish DLL backdoors.
References
|
| CVE-2015-5119 | Adobe Flash Player Use-After-Free Vulnerability | primary_impact | T1105 | Ingress Tool Transfer |
Comments
To exploit this vulnerability, adversaries sent spearphishing emails with URLs to webpages with maliciously crafted javascript. The adversaries then download a payload.
References
|
| CVE-2015-5119 | Adobe Flash Player Use-After-Free Vulnerability | exploitation_technique | T1203 | Exploitation for Client Execution |
Comments
This vulnerability has been exploited in the wild by multiple different threat actors. Threat groups send phishing emails with URLs where maliciously-crafted javascript is hosted. This CVE has many mappable exploitation techniques and impacts.
These adversaries using this exploit to deliver malicious payloads to the target machines establish DLL backdoors.
References
|
| CVE-2015-5119 | Adobe Flash Player Use-After-Free Vulnerability | exploitation_technique | T1204.001 | Malicious Link |
Comments
To exploit this vulnerability, adversaries sent spearphishing emails with URLs to webpages with maliciously crafted javascript. The adversaries then download a payload.
References
|
| CVE-2015-5119 | Adobe Flash Player Use-After-Free Vulnerability | exploitation_technique | T1059.007 | JavaScript |
Comments
To exploit this vulnerability, adversaries sent spearphishing emails with URLs to webpages with maliciously crafted javascript. The adversaries then download a payload.
References
|
| CVE-2015-5119 | Adobe Flash Player Use-After-Free Vulnerability | exploitation_technique | T1566.002 | Spearphishing Link |
Comments
To exploit this vulnerability, adversaries sent spearphishing emails with URLs to webpages with maliciously crafted javascript. The adversaries then download a payload.
References
|