CVE-2015-5123: Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS…

CVE-2015-5123 [CRITICAL] Adobe Flash Player 18.0.0.203/18.0.0.204 ActionScript 3 BitmapData use after free (APSA15-04 / VU#918568) A vulnerability categorized as critical has been discovered in Adobe Flash Player 18.0.0.203/18.0.0.204. This vulnerability affects the function BitmapData of the component ActionScript 3. Executing a manipulation can lead to use after free. This vulnerability is registered as CVE-2015-5123. It is possible to launch the attack remotely. Furthermore, an exploit is available. It is advisable to upgrade the affected component.

CVE-2015-5123 [HIGH] CWE-416 GHSA-6hpg-rw47-66vr: Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13 Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.

CVE-2013-0765 [CRITICAL] Attacking ECMAScript Engines with Redefinition - Project Zero Posted by Natalie Silvanovich = function () { return n; } ECMAScript has a property where almost all functions and variables can be dynamically redefined. This can lead to vulnerabilities in situations where native code assumes a function or variable behaves a certain way when accessed or does not have certain side effects when it can in fact be redefined. Project Zero has discovered 24 vulnerabilities involving ECMAScript redefinition in Adobe Flash in the past few months and similar issues have also been discovered in the wild. This post describes how this class of bugs works, alongside some examples of interesting bugs that have been recently patched. ECMAScript Redefinition Being a dynamically typed language, ECMAScript allows all functions to be redefined. For example, the JavaSc

CVE-2015-5123 [CRITICAL] CVE-2015-5123: Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13 Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.

CVE-2015-5123 [CRITICAL] CWE-416 Adobe Flash Player Use-After-Free Vulnerability Adobe Flash Player Use-After-Free Vulnerability Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS). Affected: Adobe Flash Player Required Action: The impacted product is end-of-life and should be disconnected if still in use. Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cve.org/CVERecord?id=CVE-2015-5123; https://resources.infosecinstitute.com/topic/the-hacking-team-hack-when-hackers-have-become-the-target/; https://www.trendmicro.com/en_us/research/15/g/hacking-team-leak-uncovers-another-windows-zero-day-ms-releases-patch.html; https://www.scribd.com/document/51674

CVE-2015-5123 [CRITICAL] CWE-416 Adobe Flash Player Use-After-Free Vulnerability Vulnerability: Adobe Flash Player Use-After-Free Vulnerability Affected: Adobe Flash Player Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS). Required Action: The impacted product is end-of-life and should be disconnected if still in use. Notes: https://nvd.nist.gov/vuln/detail/CVE-2015-5123 Remediation Due Date: 2022-05-04

CVE-2015-5123 [CRITICAL] flash-plugin: two code execution issues in APSA15-04 / APSB15-18 flash-plugin: two code execution issues in APSA15-04 / APSB15-18 Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.

CVE-2015-5123 [CRITICAL] Third Hacking Team Flash Zero-Day Found For the third time in a week, researchers have discovered a zero-day vulnerability in Adobe’s Flash Player browser plugin. Like the previous two discoveries, this one came to light only after hackers dumped online huge troves of documents stolen from Hacking Team — an Italian security firm that sells software exploits to governments around the world. News of the latest Flash flaw comes from Trend Micro, which said it reported the bug (CVE-2015-5123) to Adobe’s Security Team. Adobe confirmed that it is working on a patch for the two outstanding zero-day vulnerabilities exposed in the Hacking Team breach. We are likely to continue to see additional Flash zero day bugs surface as a result of this breach. Instead of waiting for Adobe to fix yet another flaw in Flash, please consider removing

[CRITICAL] Hacking Team Leak, Flash 0day, Exploit Payloads | Zscaler Provide users with seamless, secure, reliable access to applications and data. Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud. Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems. Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners. Industry Report Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE) USE CASES INDUSTRY & MARKET SOLUTIONS PARTNERS TECHNOLOGY PARTNERS Resource Center Events & Trainings Security Research & Services Tools Community & Support CXO REVOLUTIONARIES Amplifying the voices of real-world digital and zero trust pioneers Discover how it began and where it’s going Meet o

CVE-2015-5123 [CRITICAL] Update5 - HackingTeam 0-day for Flash | Qualys Update5: Adobe has added a second vulnerability to APSA15-04, CVE-2015-5123, which TrendMicro has found. PoC code is available but not integrated into ExploitKits yet. Update4: Adobe has acknowledged in APSA15-04 another 0-day for Flash originating in the data dump from HackingTeam. Security researcher Webdevil documents his finding in a tweet. Adobe credits Dhanesh Kizhakkian from FireEye who documented the PoC found in the datadump and notified Adobe (first?). Adobe expects to address the vulnerability next week (during normal Patch Tuesday maybe?). According to @Kafeine the vulnerability is already in use in the Angler Exploit Kit. Update3: Adobe has released the patch for the HackingTeam 0-day, CVE-2015-5119. Beyond that vulnerability the update APSB15-16 also addresses 42 other vuln

CVE-2015-5123 [CRITICAL] Update5 - HackingTeam 0-day for Flash | Qualys Update5: Adobe has added a second vulnerability to APSA15-04 , CVE-2015-5123, which TrendMicro has found. PoC code is available but not integrated into ExploitKits yet. Update4: Adobe has acknowledged in APSA15-04 another 0-day for Flash originating in the data dump from HackingTeam. Security researcher Webdevil documents his finding in a tweet . Adobe credits Dhanesh Kizhakkian from FireEye who documented the PoC found in the datadump and notified Adobe (first?). Adobe expects to address the vulnerability next week (during normal Patch Tuesday maybe?). According to @Kafeine the vulnerability is already in use in the Angler Exploit Kit. Update3: Adobe has released the patch for the HackingTeam 0-day, CVE-2015-5119. Beyond that vulnerability the update APSB15-16 also addresses 42 other vu

CVE-2015-5123 [CRITICAL] Third Hacking Team Flash Zero-Day Found – Krebs on Security For the third time in a week, researchers have discovered a zero-day vulnerability in Adobe’s Flash Player browser plugin. Like the previous two discoveries, this one came to light only after hackers dumped online huge troves of documents stolen from Hacking Team — an Italian security firm that sells software exploits to governments around the world. News of the latest Flash flaw comes from Trend Micro , which said it reported the bug ( CVE-2015-5123 ) to Adobe’s Security Team. Adobe confirmed that it is working on a patch for the two outstanding zero-day vulnerabilities exposed in the Hacking Team breach. We are likely to continue to see additional Flash zero day bugs surface as a result of this breach. Instead of waiting for Adobe to fix yet another flaw in Flash, please consider remov

Analyzing Attack Vector Trends by Industry, Country, and More # Analyzing Attack Vector Trends by Industry, Country, and More Cyber security professionals are flooded with issues requiring their attention. Identifying the most significant risks can be challenging, which makes choosing where to allocate resources even more difficult. This applies to both short term tactical decisions (e.g., Which vulnerabilities do I prioritize this week?) and longer term strategic decisions (e.g., Where do I invest in technology?) for the organization. Recorded Future provides real-time situational awareness of trending information security topics to support those critical choices. This is done by analyzing millions of documents from the Web daily. The unstructured text from security blogs, threat researchers, mainstream media, and much more is mined and given stru

Analyzing Attack Vector Trends by Industry, Country, and More ## Analyzing Attack Vector Trends by Industry, Country, and More Cyber security professionals are flooded with issues requiring their attention. Identifying the most significant risks can be challenging, which makes choosing where to allocate resources even more difficult. This applies to both short term tactical decisions (e.g., Which vulnerabilities do I prioritize this week?) and longer term strategic decisions (e.g., Where do I invest in technology?) for the organization. Recorded Future provides real-time situational awareness of trending information security topics to support those critical choices. This is done by analyzing millions of documents from the Web daily. The unstructured text from security blogs, threat researchers, mainstream media, and much more is mined and given str

Zscaler discovers Flash Player Vulnerabilities | 07-21-2015 Provide users with seamless, secure, reliable access to applications and data. Build and run secure cloud apps, enable zero trust cloud connectivity, and protect workloads from data center to cloud. Provide zero trust connectivity for IoT and OT devices and secure remote access to OT systems. Provide zero trust site-to-site connectivity and reliable access to B2B apps for partners. Industry Report Zscaler: A Leader in the 2025 Gartner® Magic Quadrant™ for Security Service Edge (SSE) USE CASES INDUSTRY & MARKET SOLUTIONS PARTNERS TECHNOLOGY PARTNERS Resource Center Events & Trainings Security Research & Services Tools Community & Support CXO REVOLUTIONARIES Amplifying the voices of real-world digital and zero trust pioneers Discover how it began and where it’s going Meet o

CVE-2026-20929 [HIGH] Falcon Zero-Day Flash Detection STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026 Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026 Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026 How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026 STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026 Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026 Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026 How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026 Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019 Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VI

CVE-2015-5122 [CRITICAL] CVE-2015-5122 CVE-2015-5123 flash-plugin: two code execution issues in APSA15-04 / APSB15-18 CVE-2015-5122 CVE-2015-5123 flash-plugin: two code execution issues in APSA15-04 / APSB15-18 Adobe Security Advisory APSA15-04 for Adobe Flash Player documents two flaws that can possibly lead to arbitrary code execution when Flash Player is used to play a specially crafted SWF file. Quoting from the APSA15-04: Critical vulnerabilities (CVE-2015-5122, CVE-2015-5123) have been identified in Adobe Flash Player 18.0.0.204 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of reports that exploits targeting these vulnerabilities have been published publicly. Adobe expects to make updates available during the week of July 12, 2015. https://helpx.adobe.com