FILE-FLASH Adobe Flash Player Selection.SetSelection use-after-free attempt
This event is generated when, an attempt to exploit Adobe Flash Player using memory already released, is detected.
Attempted User Privilege Gain
CVSS base score 10.0
CVSS impact score 10.0
CVSS exploitability score 10.0
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
This crafted SWF file exploits a remote code execution vulnerability in Adobe Flash Player. The vulnerability is due to a Use-After-Free in the Selection.SetSelection function. An attacker can entice a target to open a specially crafted flash file to trigger the vulnerability. Successful exploitation may result in execution of arbitrary code or abnormal termination of the flash process.
CVE-2015-8413: Use-after-free vulnerability in Adobe Flash Player before 126.96.36.1998 and 19.x and 20.x before 188.8.131.52 on Windows and OS X and before 184.108.40.2064 on Linux, Adobe AIR before 220.127.116.11, Adobe AIR SDK before 18.104.22.168, and Adobe AIR SDK & Compiler before 22.214.171.124 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454.
- adobe air 126.96.36.199
- adobe air_sdk 188.8.131.52
- adobe airsdk&_compiler 184.108.40.206
- adobe flash_player 220.127.116.118
- adobe flash_player 18.104.22.1681
- adobe flash_player 22.214.171.124
- adobe flash_player 126.96.36.199
- adobe flash_player 188.8.131.52
- adobe flash_player 184.108.40.206
Ease of attack
Upgrade to Adobe Flash Player 220.127.116.118 or 20.0.0 to address the vulnerability
- Cisco's Talos Intelligence Group