CVE-2015-7645
Adobe Flash Player Arbitrary Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
YesDecision
Descriptions
Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.
Adobe Flash Player 18.x hasta la versión 18.0.0.252 y 19.x hasta la versión 19.0.0.207 en Windows y OS X y 11.x hasta la versión 11.2.202.535 en Linux permite a atacantes remotos ejecutar código arbitrario a través de un archivo SWF manipulado, como se explotó activamente en octubre de 2015.
If IExternalizable.writeExternal is overridden with a value that is not a function, Flash assumes it is a function even though it is not one. This leads to execution of a 'method' outside of the ActionScript object's ActionScript vtable, leading to memory corruption.
Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-10-01 CVE Reserved
- 2015-10-15 CVE Published
- 2022-03-03 Exploited in Wild
- 2022-03-24 KEV Due Date
- 2024-07-17 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
CWE
CAPEC
References (16)
| URL | Tag | Source |
|---|---|---|
| http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign | X_refsource_misc | |
| http://packetstormsecurity.com/files/134009/Adobe-Flash-IExternalizable.writeExternal-Type-Confusion.html | X_refsource_misc |
|
| http://www.securityfocus.com/bid/77081 | Vdb Entry | |
| http://www.securitytracker.com/id/1033850 | Vdb Entry | |
| https://helpx.adobe.com/security/products/flash-player/apsb15-27.html | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/38490 | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| https://helpx.adobe.com/security/products/flash-player/apsa15-05.html | 2017-07-01 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | <= 19.0.0.207 Search vendor "Adobe" for product "Flash Player" and version " <= 19.0.0.207" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | <= 19.0.0.207 Search vendor "Adobe" for product "Flash Player" and version " <= 19.0.0.207" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | <= 11.2.202.535 Search vendor "Adobe" for product "Flash Player" and version " <= 11.2.202.535" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|