cpe:/a:adobe:flash_player:11.2.202.468 cpe:/a:adobe:flash_player:13.0.0.292 cpe:/a:adobe:flash_player:14.0.0.125 cpe:/a:adobe:flash_player:14.0.0.145 cpe:/a:adobe:flash_player:14.0.0.176 cpe:/a:adobe:flash_player:14.0.0.179 cpe:/a:adobe:flash_player:15.0.0.152 cpe:/a:adobe:flash_player:15.0.0.167 cpe:/a:adobe:flash_player:15.0.0.189 cpe:/a:adobe:flash_player:15.0.0.223 cpe:/a:adobe:flash_player:15.0.0.239 cpe:/a:adobe:flash_player:15.0.0.246 cpe:/a:adobe:flash_player:16.0.0.235 cpe:/a:adobe:flash_player:16.0.0.257 cpe:/a:adobe:flash_player:16.0.0.287 cpe:/a:adobe:flash_player:16.0.0.296 cpe:/a:adobe:flash_player:17.0.0.134 cpe:/a:adobe:flash_player:17.0.0.169 cpe:/a:adobe:flash_player:17.0.0.188 cpe:/a:adobe:flash_player:18.0.0.161 cpe:/a:adobe:flash_player:18.0.0.194 CVE-2015-5119 2015-07-08T10:59:05.677-04:00 2017-01-19T21:59:03.013-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2016-12-28T09:36:59.117-05:00 SECTRACK 1032809 BID 75568 GENTOO GLSA-201507-13 REDHAT RHSA-2015:1214 SUSE SUSE-SU-2015:1211 SUSE SUSE-SU-2015:1214 CERT TA15-195A CERT-VN VU#561288 MISC http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/ MISC http://twitter.com/w3bd3vil/statuses/618168863708962816 MISC http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_hacking_team_uaf CONFIRM https://helpx.adobe.com/security/products/flash-player/apsa15-03.html CONFIRM https://helpx.adobe.com/security/products/flash-player/apsb15-16.html MISC https://packetstormsecurity.com/files/132600/Adobe-Flash-Player-ByteArray-Use-After-Free.html SUSE openSUSE-SU-2015:1207 SUSE openSUSE-SU-2015:1210 Use-after-free vulnerability in the ByteArray class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.296 and 14.x through 18.0.0.194 on Windows and OS X and 11.x through 11.2.202.468 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015.