Flash Player Use-After-Free in Display List Handling

XLAB ID: XLAB-15-006     

CVE ID: CVE-2015-5581     

Patch Status: Fixed

Vulnerability Details:
The specific flaw exists within the DisplayObject's mask property. By manipulating the display list, an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code in the context of the current process.

Disclosure Timeline:

2015/05/07 Provided vulnerability details to Adobe via psirt@adobe.com
2015/05/09 Adobe responded that they had opened case PSIRT-3665 for the issue
2015/09/18 Adobe responded that they had assigned CVE-2015-5581 to the issue

This vulnerability was discovered by: Kai Kang