Two more Flash 0-days as a result of HackingTeam data leak


As we discussed in our previous blog on the recent Adobe 0-day (CVE-2015-5119), two more vulnerabilities have surfaced from the same HackingTeam data leak:

  • CVE-2015-5122: Adobe Flash ActionScript3 opaqueBackground Use After Free Vulnerability
  • CVE-2015-5123: Adobe Flash Player BitmapData Remote Code Execution Vulnerability

All three vulnerabilities are use-after-free vulnerabilities, although they occur in different classes. The exploits trigger each bug by overriding the ‘valueOf()’ function of these classes. During the overridden call, the associated object is either freed or relocated. This makes the associated address invalid, and the subsequent use of that address triggers the vulnerability.
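The ordering problem behind this bug class can be simulated safely in JavaScript, whose `valueOf()` coercion works like ActionScript's. This is an added illustration, not code from Adobe, SonicWall or the leak; `Bitmap`, `setPixelUnsafe`, `setPixelSafe` and `makeCoercionTrap` are hypothetical names, and the hardened function shows the fix pattern of coercing arguments before touching internal state.

```javascript
// Added illustration, not Adobe's or SonicWall's code. All names here
// (Bitmap, setPixelUnsafe, setPixelSafe, makeCoercionTrap) are hypothetical.

class Bitmap {                        // stand-in for a BitmapData-like object
  constructor(size) {
    this.pixels = new Uint8Array(size);
    this.disposed = false;
  }
  dispose() {                         // models the free/relocation of the backing store
    this.pixels = null;
    this.disposed = true;
  }
}

// Constructed input: an argument whose valueOf() disposes the object it is passed to.
function makeCoercionTrap(bmp) {
  return { valueOf() { bmp.dispose(); return 7; } };
}

// Flawed ordering: the backing store is cached BEFORE the argument is coerced.
function setPixelUnsafe(bmp, index, value) {
  const buf = bmp.pixels;             // cached reference
  const v = Number(value);            // script-controlled valueOf() runs here
  buf[index] = v;                     // write goes through the cached reference
  // In native code buf would be dangling; JS keeps it alive, so we only report it.
  return { wroteToStale: buf !== bmp.pixels };
}

// Hardened ordering: coerce every argument first, then validate and dereference.
function setPixelSafe(bmp, index, value) {
  const v = Number(value);            // all script callbacks have finished after this
  if (bmp.disposed) throw new Error("object disposed during argument coercion");
  bmp.pixels[index] = v;
  return { wroteToStale: false };
}

function demo() {
  const a = new Bitmap(4);
  const unsafe = setPixelUnsafe(a, 0, makeCoercionTrap(a)).wroteToStale;
  const b = new Bitmap(4);
  let rejected = false;
  try { setPixelSafe(b, 0, makeCoercionTrap(b)); } catch (e) { rejected = true; }
  return { unsafe, rejected };
}
console.log(demo());
```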

Here’s an example of CVE-2015-5123 where a ‘BitmapData’ object is created and disposed by overriding the ‘valueOf()’ function:

The SonicWall team has written the following signatures that protect our customers from these exploits:

  • 15380.CVE-2015-5119.B_3 Exploit
  • 15392.CVE-2015-5119.A Exploit
  • 15398.CVE-2015-5119.DH_2 Exploit
  • 15399.CVE-2015-5119.A_2 Exploit
  • 15400.CVE-2015-5119.B Exploit
  • 15404.CVE-2015-5119.C Exploit
  • 15410.CVE-2015-5119.C_2 Exploit
  • 15413.CVE-2015-5119.A_4 Exploit
  • 15415.CVE-2015-5119.A_5 Exploit
  • 15416.CVE2015-5119.SW Exploit
  • 15418.CVE-2015-5119.A_6 Exploit
  • 15419.CVE-2015-5119.TTY Exploit
  • 15420.CVE-2015-5119.A_7 Exploit
  • 15423.CVE-2015-5119.A_10 Exploit
  • 15424.CVE-2015-5119.A_11 Exploit
  • 15426.CVE-2015-5119.A_12 Exploit
  • 15550.CVE-2015-5122.SW Exploit
  • 15553.CVE-2015-5122 Exploit
  • 15670.CVE-2015-5123.A Exploit