Zero-day vulnerability in Adobe Flash Player

Use-after-free error

The vulnerability was discovered by French security researcher тАЬKafeineтАЭ.
It was actively being exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below. It was used by Angler EK and infected at least 1,800 known domains.

Known malware:

Trojan.Swifi (Symantec)
Angler EK

Vulnerability details

Advisory: SB2015012201 - Remote code execution in Adobe Flash Player

Vulnerable component: Adobe Flash Player

CVE-ID: CVE-2015-0311

CVSSv3 score: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C

CWE-ID: CWE-416 - Use After Free


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to use-after-free error when processing .swf files. A remote attacker can create a specially crafted Web site, trick the victim into visiting it, trigger memory corruption and execute arbitrary code with privileges of the current user.

Successful exploitation results in arbitrary code execution on the vulnerable system.

Note: the vulnerability was being actively exploited.

Public Exploits: