CVE-2015-5122

ENISA EUVD: EUVD-2015-5137 ↗
Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero
Triaged: March 5, 2026 2 articles Published: 2015-07-14
VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23
92.7%
probability
This CVE has a 92.7% probability of being exploited in the next 30 days.
0% Top 99.8th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
7.8
HIGH
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2 (legacy)

10.0
HIGH
Access Vector
Network
Access Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
AV:N/AC:L/Au:N/C:C/I:C/A:C

Description

VulnerabilityLookup (CNA)
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.

Affected Products

n/a
n/a

Attack Intelligence

Google Project Zero

Discovered
July 5, 2015
Patched
July 14, 2015
Reported by
Dhanesh Kizhakkinan of FireEye
Root Cause Analysis
???

Exploits & PoC

Signal Intelligence

Confidence
95%
EPSS 92.7%
CVSS v3.1 7.8
Mentions 2
Last Seen Jul 14, 2015

CNA Information

CNA Assigner
adobe

Analyst Note

Auto-imported from Google Project Zero — confirmed zero-day by definition.

Threat Actors 1

Hacking Team
apt_group 🇮🇹 IT

Triage Info

Decided atMar 05, 2026
Published DateJul 14, 2015