Trusted Design

• 重大度: Unknown
• 公開日: 2015-07-14
• 更新日: 2025-11-17

概要

Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.

このCVEに関連するMITRE ATT&CKテクニック

• T1583.007 - Serverless
• T1171 - LLMNR/NBT-NS Poisoning and Relay
• T1003.002 - Security Account Manager
• T1583.002 - DNS Server
• T1192 - Spearphishing Link
• T1121 - Regsvcs/Regasm
• T1652 - Device Driver Discovery
• T1484.002 - Trust Modification
• T1586.001 - Social Media Accounts
• T1070.002 - Clear Linux or Mac System Logs
• T1598.003 - Spearphishing Link
• T1583.005 - Botnet
• T1608.001 - Upload Malware
• T1190 - Exploit Public-Facing Application
• T1558 - Steal or Forge Kerberos Tickets
• T1070.008 - Clear Mailbox Data
• T1050 - New Service
• T1518.002 - Backup Software Discovery
• T1218.003 - CMSTP
• T1525 - Implant Internal Image
• T1181 - Extra Window Memory Injection
• T1562.004 - Disable or Modify System Firewall
• T1145 - Private Keys
• T1155 - AppleScript
• T1563 - Remote Service Session Hijacking
• T1547.003 - Time Providers
• T1179 - Hooking
• T1042 - Change Default File Association
• T1177 - LSASS Driver
• T1055.013 - Process Doppelgänging
• T1016 - System Network Configuration Discovery
• T1546.008 - Accessibility Features
• T1204.005 - Malicious Library
• T1083 - File and Directory Discovery
• T1649 - Steal or Forge Authentication Certificates
• T1051 - Shared Webroot
• T1586 - Compromise Accounts
• T1218.005 - Mshta
• T1608 - Stage Capabilities
• T1608.005 - Link Target
• T1071.002 - File Transfer Protocols
• T1679 - Selective Exclusion
• T1534 - Internal Spearphishing
• T1584.006 - Web Services
• T1068 - Exploitation for Privilege Escalation
• T1187 - Forced Authentication
• T1486 - Data Encrypted for Impact
• T1587.004 - Exploits
• T1203 - Exploitation for Client Execution
• T1562.011 - Spoof Security Alerting
• T1137.004 - Outlook Home Page
• T1184 - SSH Hijacking
• T1027.004 - Compile After Delivery
• T1213.003 - Code Repositories
• T1565.002 - Transmitted Data Manipulation
• T1194 - Spearphishing via Service
• T1556.005 - Reversible Encryption
• T1546.016 - Installer Packages
• T1159 - Launch Agent
• T1564.005 - Hidden File System
• T1136 - Create Account
• T1018 - Remote System Discovery
• T1518 - Software Discovery
• T1538 - Cloud Service Dashboard
• T1055.008 - Ptrace System Calls
• T1653 - Power Settings
• T1596.005 - Scan Databases
• T1173 - Dynamic Data Exchange
• T1001.002 - Steganography
• T1204.001 - Malicious Link
• T1601.002 - Downgrade System Image
• T1127 - Trusted Developer Utilities Proxy Execution

このCVEが関連しているPulses

• CVE-2015-5122 Exploited in Strategic Web Compromise
• Watering Hole Attack on Aerospace Firm Exploits CVE-2015-5122
• An analysis of exploit supply chains and digital quartermasters

CVEの関係性グラフ

---

← CVE一覧に戻る