Flash Player Use-After-Free in Display List Handling
XLAB ID: XLAB-15-006
CVE ID: CVE-2015-5581
Patch Status: Fixed
Vulnerability Details:
The specific flaw exists within the DisplayObject’s mask property. By maniuplating display list attacker can force a dangling pointer to be reuesed after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.
Disclosure Timeline:
| 2015/05/07 | Provide vulnerability detail to Adobe via psirt@adobe.com |
|---|---|
| 2015/05/09 | Adobe responded that they had opened case PSIRT-3665 for the issuse |
| 2015/09/18 | Adobe responded that they had assigned CVE-2015-5581 to the issue |
Credit:
This vulnerability was discovered by: Kai Kang