FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt
This event is generated when, an attempt to exploit Adobe Flash Player using memory already released, is detected.
Attempted User Privilege Gain
CVSS base score 10.0
CVSS impact score 10.0
CVSS exploitability score 10.0
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
This crafted SWF file exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a Use-After-Free in the Selection.SetSelection function. An attacker can entice a target to open a specially crafted flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the flash process.
CVE-2015-8413: Use-after-free vulnerability in Adobe Flash Player before 220.127.116.118 and 19.x and 20.x before 18.104.22.168 on Windows and OS X and before 22.214.171.1244 on Linux, Adobe AIR before 126.96.36.199, Adobe AIR SDK before 188.8.131.52, and Adobe AIR SDK & Compiler before 184.108.40.206 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454.
- adobe air 220.127.116.11
- adobe air_sdk 18.104.22.168
- adobe airsdk&_compiler 22.214.171.124
- adobe flash_player 126.96.36.1998
- adobe flash_player 188.8.131.521
- adobe flash_player 184.108.40.206
- adobe flash_player 220.127.116.11
- adobe flash_player 18.104.22.168
- adobe flash_player 22.214.171.124
Ease of attack
Upgrade to Adobe Flash Player 126.96.36.1998 or 20.0.0 to address the vulnerability
- Cisco's Talos Intelligence Group