Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-0336Adobe Flash Player vulnerability

17 documents13 sources
Severity
9.3CRITICALNVD
EPSS
88.7%
top 0.49%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Adobe Flash Player
Timeline
PublishedMar 13
Latest updateAug 14

Description

Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0334.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDadobe/flash_player13.0.0.264+16

Patches

Patch: helpx.adobe.comPatch: helpx.adobe.com

🔴Vulnerability Details

6
GHSA
GHSA-vf82-rw34-q9xr: Adobe Flash Player before 132022-05-17
GHSA
GHSA-x9gp-g79c-8994: Adobe Flash Player before 132022-05-17
Project0
A Tale of Two Exploits - Project Zero2015-04-01
OSV
CVE-2015-0336: Adobe Flash Player before 132015-03-13
OSV
CVE-2015-0334: Adobe Flash Player before 132015-03-13

💥Exploits & PoCs

2
Exploit-DB
Adobe Flash Player - NetConnection Type Confusion (Metasploit)2015-05-08
Metasploit
Adobe Flash Player NetConnection Type Confusion

📋Vendor Advisories

2
Red Hat
flash-plugin: multiple code execution issues fixed in APSB15-052015-03-12
Red Hat
flash-plugin: multiple code execution issues fixed in APSB15-052015-03-12

🕵️Threat Intelligence

3
Microsoft
Understanding type confusion vulnerabilities: CVE-2015-0336 | Microsoft Security Blog2015-06-17
Zscaler
Angler EK Utilizing 302 Cushioning & Domain Shadowing | Blog2015-04-03
Huntress
What Is Type Confusion and How Does It Work? | Huntress

📄Research Papers

1
arXiv
Uplifted Attackers, Human Defenders: The Cyber Offense-Defense Balance for Trailing-Edge Organizations2025-08-14

💬Community

1
Bugzilla
flash-plugin: multiple code execution issues fixed in APSB15-052015-03-13