VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-5qe5-pke2-sbc7

Essentials
Severities (48)
References (24)
Severity details (40)
Exploits (3)
EPSS
History (1)

Vulnerability ID	VCID-5qe5-pke2-sbc7
Aliases	CVE-2015-5122
Summary	Multiple vulnerabilities have been found in Adobe Flash Player, the worst of which allows remote attackers to execute arbitrary code.
Status	Published
Exploitability	2.0
Weighted Severity	7.0
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (0)

There are no known CWE.

System	Score	Found at
cvssv3.1	7.8	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html
ssvc	Attend	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html
cvssv3.1	7.8	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html
ssvc	Attend	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html
cvssv3.1	7.8	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html
ssvc	Attend	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html
cvssv3.1	7.8	http://marc.info/?l=bugtraq&m=144050155601375&w=2
ssvc	Attend	http://marc.info/?l=bugtraq&m=144050155601375&w=2
cvssv3.1	7.8	http://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html
ssvc	Attend	http://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html
cvssv3.1	7.8	http://rhn.redhat.com/errata/RHSA-2015-1235.html
ssvc	Attend	http://rhn.redhat.com/errata/RHSA-2015-1235.html
epss	0.9278	https://api.first.org/data/v1/epss?cve=CVE-2015-5122
epss	0.9278	https://api.first.org/data/v1/epss?cve=CVE-2015-5122
epss	0.9278	https://api.first.org/data/v1/epss?cve=CVE-2015-5122
epss	0.9278	https://api.first.org/data/v1/epss?cve=CVE-2015-5122
epss	0.9278	https://api.first.org/data/v1/epss?cve=CVE-2015-5122
epss	0.9278	https://api.first.org/data/v1/epss?cve=CVE-2015-5122
epss	0.9278	https://api.first.org/data/v1/epss?cve=CVE-2015-5122
epss	0.9278	https://api.first.org/data/v1/epss?cve=CVE-2015-5122
cvssv3.1	7.8	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784
ssvc	Attend	https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784
cvssv3.1	7.8	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467
ssvc	Attend	https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467
cvssv3.1	7.8	https://helpx.adobe.com/security/products/flash-player/apsa15-04.html
ssvc	Attend	https://helpx.adobe.com/security/products/flash-player/apsa15-04.html
cvssv3.1	7.8	https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
ssvc	Attend	https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
cvssv3.1	7.8	https://perception-point.io/2018/04/11/breaking-cfi-cve-2015-5122-coop/
ssvc	Attend	https://perception-point.io/2018/04/11/breaking-cfi-cve-2015-5122-coop/
cvssv3.1	7.8	https://perception-point.io/new/breaking-cfi.php
ssvc	Attend	https://perception-point.io/new/breaking-cfi.php
cvssv3.1	7.8	https://security.gentoo.org/glsa/201508-01
ssvc	Attend	https://security.gentoo.org/glsa/201508-01
cvssv3.1	7.8	https://www.exploit-db.com/exploits/37599/
ssvc	Attend	https://www.exploit-db.com/exploits/37599/
cvssv3.1	7.8	https://www.fireeye.com/blog/threat-research/2015/07/cve-2015-5122_-_seco.html
ssvc	Attend	https://www.fireeye.com/blog/threat-research/2015/07/cve-2015-5122_-_seco.html
cvssv3.1	7.8	http://www.kb.cert.org/vuls/id/338736
ssvc	Attend	http://www.kb.cert.org/vuls/id/338736
cvssv3.1	7.8	http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_opaque_background_uaf
ssvc	Attend	http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_opaque_background_uaf
cvssv3.1	7.8	http://www.securityfocus.com/bid/75712
ssvc	Attend	http://www.securityfocus.com/bid/75712
cvssv3.1	7.8	http://www.securitytracker.com/id/1032890
ssvc	Attend	http://www.securitytracker.com/id/1032890
cvssv3.1	7.8	http://www.us-cert.gov/ncas/alerts/TA15-195A
ssvc	Attend	http://www.us-cert.gov/ncas/alerts/TA15-195A

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5122.json
		https://api.first.org/data/v1/epss?cve=CVE-2015-5122
1032890		http://www.securitytracker.com/id/1032890
1242216		https://bugzilla.redhat.com/show_bug.cgi?id=1242216
338736		http://www.kb.cert.org/vuls/id/338736
37599		https://www.exploit-db.com/exploits/37599/
75712		http://www.securityfocus.com/bid/75712
adobe_flash_opaque_background_uaf		http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_opaque_background_uaf
Adobe-Flash-opaqueBackground-Use-After-Free.html		http://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html
apsa15-04.html		https://helpx.adobe.com/security/products/flash-player/apsa15-04.html
apsb15-18.html		https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
breaking-cfi-cve-2015-5122-coop		https://perception-point.io/2018/04/11/breaking-cfi-cve-2015-5122-coop/
breaking-cfi.php		https://perception-point.io/new/breaking-cfi.php
CVE-2015-5122;OSVDB-124416	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/37599.rb
cve-2015-5122_-_seco.html		https://www.fireeye.com/blog/threat-research/2015/07/cve-2015-5122_-_seco.html
docDisplay?docId=emr_na-c04796784		https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784
docDisplay?docId=emr_na-c04952467		https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467
GLSA-201508-01		https://security.gentoo.org/glsa/201508-01
msg00028.html		http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html
msg00029.html		http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html
msg00032.html		http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html
RHSA-2015:1235		https://access.redhat.com/errata/RHSA-2015:1235
RHSA-2015-1235.html		http://rhn.redhat.com/errata/RHSA-2015-1235.html
TA15-195A		http://www.us-cert.gov/ncas/alerts/TA15-195A

Data source	Metasploit
Description	This module exploits an use after free on Adobe Flash Player. The vulnerability, discovered by Hacking Team and made public as part of the July 2015 data leak, was described as an Use After Free while handling the opaqueBackground property 7 setter of the flash.display.DisplayObject class. This module is an early release tested on: Windows XP SP3, IE8 and Flash 18.0.0.194, Windows XP SP3, IE 8 and Flash 18.0.0.203, Windows XP SP3, Firefox and Flash 18.0.0.203, Windows Vista SP2 + IE 9 and Flash 18.0.0.203, Windows Vista SP2 + Firefox 39.0 and Flash 18.0.0.203, Windows 7 SP1 (32-bit), IE11 and Adobe Flash 18.0.0.203, Windows 7 SP1 (32-bit), Firefox 38.0.5 and Adobe Flash 18.0.0.194, Windows 7 SP1 (32-bit), IE9 and Adobe Flash 18.0.0.203, Windows 7 SP1 (32-bit), Firefox and Adobe Flash 18.0.0.194, Windows 8.1 (32-bit), IE11 and Adobe Flash 18.0.0.194, windows 8.1 (32-bit), Firefox and Adobe Flash 18.0.0.203, Windows 8.1 (32-bit), Firefox and Adobe Flash 18.0.0.160 and Windows 8.1 (32-bit), Firefox and Adobe Flash 18.0.0.194 Windows 10 Build 10240 (32-bit) IE11, Firefox 39.0 and Adobe Flash 18.0.0.203
Note	Reliability: - unknown-reliability Stability: - unknown-stability SideEffects: - unknown-side-effects
Ransomware campaign use	Unknown
Source publication date	July 6, 2015
Platform	Windows
Source URL	https://github.com/rapid7/metasploit-framework/tree/master/modules/exploits/multi/browser/adobe_flash_opaque_background_uaf.rb

Data source	KEV
Date added	April 13, 2022
Description	Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).
Required action	The impacted product is end-of-life and should be disconnected if still in use.
Due date	May 4, 2022
Note	https://nvd.nist.gov/vuln/detail/CVE-2015-5122
Ransomware campaign use	Unknown

Data source	Exploit-DB
Date added	July 13, 2015
Description	Adobe Flash - opaqueBackground Use-After-Free (Metasploit)
Ransomware campaign use	Known
Source publication date	July 13, 2015
Exploit type	remote
Platform	windows
Source update date	July 24, 2015

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-11-17T19:49:02Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-11-17T19:49:02Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-11-17T19:49:02Z/ Found at http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://marc.info/?l=bugtraq&m=144050155601375&w=2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-11-17T19:49:02Z/ Found at http://marc.info/?l=bugtraq&m=144050155601375&w=2

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-11-17T19:49:02Z/ Found at http://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://rhn.redhat.com/errata/RHSA-2015-1235.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-11-17T19:49:02Z/ Found at http://rhn.redhat.com/errata/RHSA-2015-1235.html

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-11-17T19:49:02Z/ Found at https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-11-17T19:49:02Z/ Found at https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://helpx.adobe.com/security/products/flash-player/apsa15-04.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-11-17T19:49:02Z/ Found at https://helpx.adobe.com/security/products/flash-player/apsa15-04.html

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://helpx.adobe.com/security/products/flash-player/apsb15-18.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-11-17T19:49:02Z/ Found at https://helpx.adobe.com/security/products/flash-player/apsb15-18.html

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://perception-point.io/2018/04/11/breaking-cfi-cve-2015-5122-coop/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-11-17T19:49:02Z/ Found at https://perception-point.io/2018/04/11/breaking-cfi-cve-2015-5122-coop/

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://perception-point.io/new/breaking-cfi.php

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-11-17T19:49:02Z/ Found at https://perception-point.io/new/breaking-cfi.php

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/201508-01

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-11-17T19:49:02Z/ Found at https://security.gentoo.org/glsa/201508-01

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/37599/

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-11-17T19:49:02Z/ Found at https://www.exploit-db.com/exploits/37599/

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.fireeye.com/blog/threat-research/2015/07/cve-2015-5122_-_seco.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-11-17T19:49:02Z/ Found at https://www.fireeye.com/blog/threat-research/2015/07/cve-2015-5122_-_seco.html

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.kb.cert.org/vuls/id/338736

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-11-17T19:49:02Z/ Found at http://www.kb.cert.org/vuls/id/338736

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_opaque_background_uaf

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-11-17T19:49:02Z/ Found at http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_opaque_background_uaf

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/bid/75712

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-11-17T19:49:02Z/ Found at http://www.securityfocus.com/bid/75712

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.securitytracker.com/id/1032890

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-11-17T19:49:02Z/ Found at http://www.securitytracker.com/id/1032890

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.us-cert.gov/ncas/alerts/TA15-195A

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-11-17T19:49:02Z/ Found at http://www.us-cert.gov/ncas/alerts/TA15-195A

Exploit Prediction Scoring System (EPSS)

Percentile	0.99757
EPSS Score	0.9278
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:12:27.082614+00:00	Gentoo Importer	Import	https://security.gentoo.org/glsa/201508-01	38.0.0