Zero-day vulnerability in Adobe Flash Player

Security bypass
CVE-2015-0310

The vulnerability was discovered and reported by security researcher Kafeine.
The vulnerability was used in attacks against older versions of Flash Player.

Known malware:

Angler EK.

Vulnerability details

Advisory: SB2015011401 - Security bypass in Adobe Flash Player

Vulnerable component: Adobe Flash Player

CVE-ID: CVE-2015-0310

CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N/E:H/RL:O/RC:C

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Description:

The vulnerability allows a remote attacker to circumvent memory address randomization on the target system.

The weakness exists due to memory leak error. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption, bypass memory address randomization on the Windows platform and obtain sensitive information.

Note: the vulnerability was being actively exploited.