1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Adobe Flash Player Use-After-Free Vulnerability

Known Exploited Vulnerabilities CVE-2015-5119

Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2015-5119 Adobe Flash Player Use-After-Free Vulnerability secondary_impact T1071.001 Web Protocols
Comments
To exploit this vulnerability, adversaries sent spearphishing emails with URLs to webpages with maliciously crafted javascript. The adversaries then download a payload.
References
  1. https://cloud.google.com/blog/topics/threat-intelligence/demonstrating-hustle/
CVE-2015-5119 Adobe Flash Player Use-After-Free Vulnerability secondary_impact T1055.001 Dynamic-link Library Injection
Comments
This vulnerability has been exploited in the wild by multiple different threat actors. Threat groups send phishing emails with URLs where maliciously-crafted javascript is hosted. This CVE has many mappable exploitation techniques and impacts. These adversaries using this exploit to deliver malicious payloads to the target machines establish DLL backdoors.
References
  1. https://cloud.google.com/blog/topics/threat-intelligence/demonstrating-hustle/
CVE-2015-5119 Adobe Flash Player Use-After-Free Vulnerability primary_impact T1105 Ingress Tool Transfer
Comments
To exploit this vulnerability, adversaries sent spearphishing emails with URLs to webpages with maliciously crafted javascript. The adversaries then download a payload.
References
  1. https://cloud.google.com/blog/topics/threat-intelligence/demonstrating-hustle/
CVE-2015-5119 Adobe Flash Player Use-After-Free Vulnerability exploitation_technique T1203 Exploitation for Client Execution
Comments
This vulnerability has been exploited in the wild by multiple different threat actors. Threat groups send phishing emails with URLs where maliciously-crafted javascript is hosted. This CVE has many mappable exploitation techniques and impacts. These adversaries using this exploit to deliver malicious payloads to the target machines establish DLL backdoors.
References
  1. https://cloud.google.com/blog/topics/threat-intelligence/demonstrating-hustle/
CVE-2015-5119 Adobe Flash Player Use-After-Free Vulnerability exploitation_technique T1204.001 Malicious Link
Comments
To exploit this vulnerability, adversaries sent spearphishing emails with URLs to webpages with maliciously crafted javascript. The adversaries then download a payload.
References
  1. https://cloud.google.com/blog/topics/threat-intelligence/demonstrating-hustle/
CVE-2015-5119 Adobe Flash Player Use-After-Free Vulnerability exploitation_technique T1059.007 JavaScript
Comments
To exploit this vulnerability, adversaries sent spearphishing emails with URLs to webpages with maliciously crafted javascript. The adversaries then download a payload.
References
  1. https://cloud.google.com/blog/topics/threat-intelligence/demonstrating-hustle/
CVE-2015-5119 Adobe Flash Player Use-After-Free Vulnerability exploitation_technique T1566.002 Spearphishing Link
Comments
To exploit this vulnerability, adversaries sent spearphishing emails with URLs to webpages with maliciously crafted javascript. The adversaries then download a payload.
References
  1. https://cloud.google.com/blog/topics/threat-intelligence/demonstrating-hustle/