Flash Player Buffer Overflow in Display List Handling

XLAB ID: XLAB-15-008     

CVE ID: CVE-2015-5124     

Patch Status: Fixed

Vulnerability Details:
The specific flaw exists within the handling of display list. By maniuplating DisplayObject’s properties attacker can force buffer overflow occuring in flash player. An attacker can leverage this vulnerability to execute code under the context of the current process.

Disclosure Timeline:

2015/05/12 Provide vulnerability detail to Adobe via psirt@adobe.com
2015/05/13 Adobe responded that they had opened case PSIRT-3670 for the issuse
2015/07/18 Adobe responded that they had assigned CVE-2015-5124 to the issue

This vulnerability was discovered by:   Kai Kang