CVE-2015-7645
Adobe Flash Player Arbitrary Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
YesDecision
Descriptions
Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.
Adobe Flash Player 18.x hasta la versión 18.0.0.252 y 19.x hasta la versión 19.0.0.207 en Windows y OS X y 11.x hasta la versión 11.2.202.535 en Linux permite a atacantes remotos ejecutar código arbitrario a través de un archivo SWF manipulado, como se explotó activamente en octubre de 2015.
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash Player web browser plug-in. This update fixes three vulnerabilities in Adobe Flash Player. These vulnerabilities, detailed in the Adobe Security Bulletin APSB15-27 listed in the References section, could allow an attacker to create a specially crafted SWF file that would cause flash-plugin to crash, execute arbitrary code, or disclose sensitive information when the victim loaded a page containing the malicious SWF content.
Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.
CVSS Scores
SSVC
- Decision:Act
Timeline
- 2015-10-01 CVE Reserved
- 2015-10-15 CVE Published
- 2015-10-18 First Exploit
- 2022-03-03 Exploited in Wild
- 2022-03-24 KEV Due Date
- 2025-02-04 CVE Updated
- 2025-03-30 EPSS Updated
CWE
CAPEC
References (17)
| URL | Tag | Source |
|---|---|---|
| http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign | X_refsource_misc | |
| http://packetstormsecurity.com/files/134009/Adobe-Flash-IExternalizable.writeExternal-Type-Confusion.html | X_refsource_misc |
|
| http://www.securityfocus.com/bid/77081 | Vdb Entry | |
| http://www.securitytracker.com/id/1033850 | Vdb Entry | |
| https://helpx.adobe.com/security/products/flash-player/apsb15-27.html | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/134009 | 2015-10-18 | |
| https://www.exploit-db.com/exploits/38490 | 2025-02-04 |
| URL | Date | SRC |
|---|---|---|
| https://helpx.adobe.com/security/products/flash-player/apsa15-05.html | 2017-07-01 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | <= 19.0.0.207 Search vendor "Adobe" for product "Flash Player" and version " <= 19.0.0.207" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | <= 19.0.0.207 Search vendor "Adobe" for product "Flash Player" and version " <= 19.0.0.207" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Adobe Search vendor "Adobe" | Flash Player Search vendor "Adobe" for product "Flash Player" | <= 11.2.202.535 Search vendor "Adobe" for product "Flash Player" and version " <= 11.2.202.535" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|