CVE-2015-7648
published 2015-10-18


Priority: P2 67 · Severity: critical · CVSS 2.0 base score: 10
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Exploit: public exploit available
EPSS: 29.53% (98.0th percentile)
Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-7647.

Affected (2 ranges)

Vendor   Product        Version range      Fixed in
adobe    flash_player   <= 11.2.202.535
adobe    flash_player   <= 19.0.0.207

Detection & IOCs (extracted from sources)

url: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/38970.zip
filename: objectencoding.swf
  • Detect SWF files exploiting type confusion via ObjectEncoder.dynamicPropertyWriter overridden with a non-function value — look for bytecode where 'writeDynamicProperties' is patched (e.g., string 'writeDocumentProperties' replacing 'triteDocumentProperties' in decompressed SWF).
  • Flag ActionScript/SWF payloads that set flash.net.ObjectEncoding.dynamicPropertyWriter to a non-function object and then call ByteArray.writeObject() on a dynamic-property-bearing object, as this triggers the type confusion code path.
  • Monitor for decompressed (flasm -x) SWF files in transit or on disk, as the PoC requires the SWF to be decompressed and manually modified at the bytecode level to bypass compiler type checks.
  • The type confusion is not triggerable via normal ActionScript compilation — the SWF bytecode must be manually modified post-compilation to override writeDynamicProperties with a non-function, meaning standard static AS3 analysis will miss this variant.
  • Affected versions span multiple platforms: Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows/OS X, and before 11.2.202.540 on Linux — detections should account for all three platform version ranges.

CVSS provenance

Source          CVSS version   Score   Severity   Vector
nvd             2.0            10.0    CRITICAL   AV:N/AC:L/Au:N/C:C/I:C/A:C
osv                            10.0    CRITICAL
vendor_redhat                  10.0    CRITICAL