cve/2015/CVE-2015-5119.md

### [CVE-2015-5119](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5119)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.

### POC

#### Reference
- http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/
- https://packetstormsecurity.com/files/132600/Adobe-Flash-Player-ByteArray-Use-After-Free.html

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Advisory-Emulations/APT-37
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/ChennaCSP/APT37-Emulation-plan
- https://github.com/CiscoCXSecurity/CVE-2015-5119_walkthrough
- https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections
- https://github.com/GhostTroops/TOP
- https://github.com/JERRY123S/all-poc
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/Parist0nH1ll/Vulnerabilities-Write-Ups
- https://github.com/Xattam1/Adobe-Flash-Exploits_17-18
- https://github.com/cyberanand1337x/bug-bounty-2022
- https://github.com/dangokyo/CVE-2015-5119
- https://github.com/emtee40/APT_CyberCriminal_Campagin_Collections
- https://github.com/emtuls/Awesome-Cyber-Security-List
- https://github.com/eric-erki/APT_CyberCriminal_Campagin_Collections
- https://github.com/hktalent/TOP
- https://github.com/iwarsong/apt
- https://github.com/jbmihoub/all-poc
- https://github.com/jvazquez-r7/CVE-2015-5119
- https://github.com/jvdroit/APT_CyberCriminal_Campagin_Collections
- https://github.com/likescam/APT_CyberCriminal_Campagin_Collections
- https://github.com/likescam/CyberMonitor-APT_CyberCriminal_Campagin_Collections
- https://github.com/lnick2023/nicenice
- https://github.com/mdsecactivebreach/CVE-2018-4878
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/sumas/APT_CyberCriminal_Campagin_Collections
- https://github.com/ukncsc/stix-cvebuilder
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2015-5119](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5119)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.`

			`### POC`

			`#### Reference`
			`- http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/`
			`- https://packetstormsecurity.com/files/132600/Adobe-Flash-Player-ByteArray-Use-After-Free.html`

			`#### Github`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/Advisory-Emulations/APT-37`
			`- https://github.com/CVEDB/PoC-List`
			`- https://github.com/CVEDB/awesome-cve-repo`
			`- https://github.com/CVEDB/top`
			`- https://github.com/ChennaCSP/APT37-Emulation-plan`
			`- https://github.com/CiscoCXSecurity/CVE-2015-5119_walkthrough`
			`- https://github.com/CyberMonitor/APT_CyberCriminal_Campagin_Collections`
			`- https://github.com/GhostTroops/TOP`
			`- https://github.com/JERRY123S/all-poc`
			`- https://github.com/Ostorlab/KEV`
			`- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors`
			`- https://github.com/Parist0nH1ll/Vulnerabilities-Write-Ups`
			`- https://github.com/Xattam1/Adobe-Flash-Exploits_17-18`
			`- https://github.com/cyberanand1337x/bug-bounty-2022`
			`- https://github.com/dangokyo/CVE-2015-5119`
			`- https://github.com/emtee40/APT_CyberCriminal_Campagin_Collections`
			`- https://github.com/emtuls/Awesome-Cyber-Security-List`
			`- https://github.com/eric-erki/APT_CyberCriminal_Campagin_Collections`
			`- https://github.com/hktalent/TOP`
			`- https://github.com/iwarsong/apt`
			`- https://github.com/jbmihoub/all-poc`
			`- https://github.com/jvazquez-r7/CVE-2015-5119`
			`- https://github.com/jvdroit/APT_CyberCriminal_Campagin_Collections`
			`- https://github.com/likescam/APT_CyberCriminal_Campagin_Collections`
			`- https://github.com/likescam/CyberMonitor-APT_CyberCriminal_Campagin_Collections`
			`- https://github.com/lnick2023/nicenice`
			`- https://github.com/mdsecactivebreach/CVE-2018-4878`
			`- https://github.com/qazbnm456/awesome-cve-poc`
			`- https://github.com/sumas/APT_CyberCriminal_Campagin_Collections`
			`- https://github.com/ukncsc/stix-cvebuilder`
			`- https://github.com/weeka10/-hktalent-TOP`
			`- https://github.com/xbl3/awesome-cve-poc_qazbnm456`