Lucene search
BiloulehibouH1:47232HistoryFeb 09, 2015 - 6:44 p.m.
Internet Bug Bounty: Use after free during the StageVideoAvailabilityEvent can result in arbitrary code execution
2015-02-0918:44:09
biloulehibou
hackerone.com
28
0.043 Low
EPSS
Percentile
92.3%
An attacker can register the StageVideoAvailabilityEvent and have the SWF movie reloaded at the same time with LoadMovie. During this process, an object may be freed allowing the attacker to take control of the code flow.
Identified as CVE-2015-0315, and reported to Adobe via Chrome VRP:
https://helpx.adobe.com/security/products/flash-player/apsb15-04.html
Original report with an exploit for Chrome:
https://code.google.com/p/chromium/issues/detail?id=429276
Related
checkpoint_advisories
checkpoint_advisories
Adobe Flash Use After Free Code Execution (APSB15-04: CVE-2015-0315)
2015-02-15 00:00:00
ubuntucve
ubuntucve
nvd
nvd
cve
cve
prion
prion
Design/Logic Flaw
2015-02-06 00:59:00
Design/Logic Flaw
2015-02-06 00:59:00
Design/Logic Flaw
2015-02-02 19:59:00
cvelist
cvelist
attackerkb
attackerkb
nessus
nessus
suse
suse
update for flash-player (critical)
2015-02-07 14:04:53
Security update for flash-player, flash-player-gnome, flash-player-kde4 (critical)
2015-02-07 19:07:55
Security update for flash-player (critical)
2015-02-07 10:04:51
mageia
mageia
Updated flash-player-plugin packages fix security vulnerabilities
2015-02-06 19:51:41
redhat
redhat
(RHSA-2015:0140) Critical: flash-plugin security update
2015-02-06 00:00:00
openvas
openvas
SUSE: Security Advisory for flash-player (SUSE-SU-2015:0236-1)
2015-10-16 00:00:00
SUSE: Security Advisory for flash-player (SUSE-SU-2015:0239-1)
2015-10-16 00:00:00
Mageia: Security Advisory (MGASA-2015-0054)
2022-01-28 00:00:00
archlinux
archlinux
flashplugin: remote code execution
2015-02-06 00:00:00
altlinux
altlinux
gentoo
gentoo
Adobe Flash Player: Multiple vulnerabilities
2015-02-06 00:00:00