⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: The impacted product is end-of-life and should be disconnected if still in use.. Due date: 2022-03-24.
CVE-2015-7645
11 documents10 sources
Severity
7.8HIGH
EPSS
85.3%
top 0.64%
CISA KEV
KEVRansomware
Added 2022-03-03
Due 2022-03-24
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedOct 15
KEV addedMar 3
KEV dueMar 24
Latest updateMay 17
CISA Required Action: The impacted product is end-of-life and should be disconnected if still in use.
Description
Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages9 packages
Also affects: Enterprise Linux 6.7, 5.0, 6.0
Patches
🔴Vulnerability Details
4💥Exploits & PoCs
1📋Vendor Advisories
2🕵️Threat Intelligence
2💬Community
1Bugzilla▶
CVE-2015-7645 CVE-2015-7647 CVE-2015-7648 flash-plugin: multiple code execution issue fixed in APSB15-27↗2015-10-15