Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Trend Micro Products and the Hacking Team Flash Zero-Day (CVE-2015-5119)

    • Updated:
    • 24 Nov 2016
    • Product/Version:
    • Deep Security 9.6
    • OfficeScan 11.0
    • Platform:
    • Windows 2003 Small Business Server
    • Windows 2003 Standard
    • Windows 2008 Datacenter
    • Windows 2008 Enterprise
    • Windows 2008 Standard
    • Windows Server 2012

Trend Micro is aware of the recently discovered critical vulnerability (CVE-2015-5119) that has been found to affect all currently available versions of Adobe Flash, and wherein successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. 

Adobe has issued a security bulletin and has released version Version to address this vunerabilty. 

In terms of known exploits of this vulnerability, feedback from the Trend Micro Smart Protection Network has allowed us to learn that the Angler Exploit Kit and Nuclear Exploit Pack have been updated to include the recent Hacking Team Flash zero-day. In addition, Neutrino Exploit Kit is also said to include this zero-day.

Update (07 July 2015): Trend Micro is now aware of two (2) new additional Adobe Flash zero-day vulnerabilities connected with the widely reported Hacking Team breach. Information on the newly found vulnerabilities can be found in the following Trend Micro Security Blog postings: 

The two new Adobe Flash (CVE-2015-5122 and CVE-2015-5123) vulnerabilities have not been patched yet. Proof of concept (PoC) code exists for both of these, but there have not been active attacks against any of these to our knowledge, nor have any of these been included in exploit kits yet. 

Adobe has promised to fix these newly discovered vulnerabilities the week of July 12, 2015.


Trend Micro Products and Protection

Trend Micro’s Vulnerability Response and Service Engineering teams are investigating to see what, if any, products and services may be affected and/or vulnerable. At the conclusion of this investigation we will take appropriate steps to address any issues that are identified. 

If any Trend Micro product and services are affected, this Knowledge Base article will be updated to contain the most up-to-date list of products that have been tested for this vulnerability. This list will continually be updated as the investigation on additional products are completed, as well as information for any patches or solutions required if necessary. 

In addition, Trend Micro has some solutions that already provide protection against this threat: 

  • Trend Micro Deep Security and Vulnerability Protection (formerly the IDF plug-in for OfficeScan) customers with the latest rules also have an additional layer of protection against this vulnerability. Specifically, Trend Micro has released the following rule for proactive protection: 
    • Deep Packet Inspection (DPI) rule 10068241 – Adobe Flash ActionScript3 ByteArray Use After Free Vulnerability (CVE-2015-5119)
    • Deep Packet Inspection (DPI) rule 1006858 – Adobe Flash ActionScript3 opaqueBackground Use After Free Vulnerability (CVE-2015-5122)
    • Deep Packet Inspection (DPI) rule 1006859 – Adobe Flash Player BitmapData Remote Code Execution Vulnerability (CVE-2015-5123)
  • The existing Sandbox with Script Analyzer engine, which is part of Trend Micro Deep Discovery, can be used to detect this threat by its behavior without any engine or pattern updates. 
  • The Browser Exploit Prevention (BEP) feature in our endpoint products such as Trend Micro Security and OfficeScan blocks the exploit once the user accesses the URL it is hosted in. Browser Exploit Prevention protects against exploits that target browsers or related plugins. 
Trend Micro always highly recommends that vendor critical patches are applied as soon as possible upon release. Customers and partners who may need some additional information or have questions are encouraged to contact their authorized Trend Micro technical support representative for further assistance


Remove a Malware / Virus
Solution Id:
Did this article help you?

Thank you for your feedback!

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.