Zero-day vulnerability in Adobe Flash Player

Security bypass

The vulnerability was discovered and reported by security researcher Kafeine.
The vulnerability was used in attacks against older versions of Flash Player.

Known malware:

Angler EK.

Vulnerability details

Advisory: SB2015011401 - Security bypass in Adobe Flash Player

Vulnerable component: Adobe Flash Player

CVE-ID: CVE-2015-0310

CVSSv3 score: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N/E:H/RL:O/RC:C

CWE-ID: CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')


The vulnerability allows a remote attacker to circumvent memory address randomization on the target system.

The weakness exists due to memory leak error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption, bypass memory address randomization on the Windows platform and obtain sensitive information.

Note: the vulnerability was being actively exploited.