FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt
This event is generated when, an attempt to exploit Adobe Flash Player using memory already released, is detected.
Attempted User Privilege Gain
CVSS base score 10.0
CVSS impact score 10.0
CVSS exploitability score 10.0
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
This crafted SWF file exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a Use-After-Free in the Selection.SetSelection function. An attacker can entice a target to open a specially crafted flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the flash process.
CVE-2015-8413: Use-after-free vulnerability in Adobe Flash Player before 18.104.22.1688 and 19.x and 20.x before 22.214.171.124 on Windows and OS X and before 126.96.36.1994 on Linux, Adobe AIR before 188.8.131.52, Adobe AIR SDK before 184.108.40.206, and Adobe AIR SDK & Compiler before 220.127.116.11 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454.
- adobe air 18.104.22.168
- adobe air_sdk 22.214.171.124
- adobe airsdk&_compiler 126.96.36.199
- adobe flash_player 188.8.131.528
- adobe flash_player 184.108.40.2061
- adobe flash_player 220.127.116.11
- adobe flash_player 18.104.22.168
- adobe flash_player 22.214.171.124
- adobe flash_player 126.96.36.199
Ease of attack
Upgrade to Adobe Flash Player 188.8.131.528 or 20.0.0 to address the vulnerability
- Cisco's Talos Intelligence Group